All the vulnerabilites related to oracle - communications_cloud_native_core_console
Vulnerability from fkie_nvd
Published
2021-11-01 09:15
Modified
2024-11-21 06:27
Summary
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:mina:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D1D7288-8F99-473C-8C8E-CA7C91CDA7BA",
              "versionEndExcluding": "2.0.22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:mina:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9A1F25B-9764-4F7B-A93C-28ACD4163F99",
              "versionEndExcluding": "2.1.5",
              "versionStartIncluding": "2.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "633E5B20-A7A7-4346-A71D-58121B006D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4A9041-B9BC-451C-B1BD-4E2FD795BF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "727DF4F5-3D21-491E-96B9-EC973A6C9C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F846D9E-A35A-4639-98D0-F05081C72F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F8A91C-8BAB-41C4-AB06-FC683C25B910",
              "versionEndIncluding": "14.3",
              "versionStartIncluding": "14.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "609645BF-B34F-40AC-B9C9-C3FB870F4ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC083FF4-0F3A-4E70-9DDA-40E52F8E9A2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F17531CB-DE8A-4ACD-93A0-6A5A8481D51B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D47856CC-6F13-464D-9BCC-F6D5630AD4CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "747C7295-8731-4C59-BC81-CE60C4028C23",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater."
    },
    {
      "lang": "es",
      "value": "En Apache MINA, una petici\u00f3n HTTP espec\u00edficamente dise\u00f1ada y malformada puede causar que el decodificador de encabezados HTTP haga un bucle indefinido. El decodificador asume que el encabezado HTTP comienza al principio del buffer y hace un bucle si presenta m\u00e1s datos de los esperados. Por favor, actualice MINA a versi\u00f3n 2.1.5 o superior"
    }
  ],
  "id": "CVE-2021-41973",
  "lastModified": "2024-11-21T06:27:00.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-11-01T09:15:09.763",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/01/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/01/8"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/01/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/11/01/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-835"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-30 15:15
Modified
2024-11-21 05:48
Summary
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
References
security-advisories@github.comhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295Third Party Advisory
security-advisories@github.comhttps://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32Third Party Advisory
security-advisories@github.comhttps://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpjThird Party Advisory
security-advisories@github.comhttps://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E
security-advisories@github.comhttps://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E
security-advisories@github.comhttps://security.netapp.com/advisory/ntap-20210604-0003/Third Party Advisory
security-advisories@github.comhttps://www.debian.org/security/2021/dsa-4885Third Party Advisory
security-advisories@github.comhttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security-advisories@github.comhttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security-advisories@github.comhttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security-advisories@github.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpjThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210604-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4885Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC283248-0EB5-46CA-A68C-4FF004D606F8",
              "versionEndExcluding": "4.1.61",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF9A061-2421-426D-9854-0A4E55B2961D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95EDC3D-54BB-48F9-82F2-7CCF335FCA78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B72B735F-4E52-484A-9C2C-23E6E2070385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B36A1D4-F391-4EE3-9A65-0A10568795BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0275F820-40BE-47B8-B167-815A55DF578E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E14324D-B9EE-4C06-ACC7-255189ED6300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBEBB60F-6EAB-4AE5-B777-5044C657FBA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B185C1EA-71E6-4972-8637-08A33CC00841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06594847-96ED-4541-B2F4-C7331B603603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC12B43F-30F6-4B05-AB3A-E91D8404D5A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "040DA31B-2A0C-46F6-8EDF-9B88F9FB0F48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7626D2-D9FF-416A-9581-852CED0D8C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99344A5D-F4B7-49B4-9AE6-0E2FB3874EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE34D4F7-5C18-4578-8D0A-722FDF931333",
              "versionEndExcluding": "9.2.6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7167D144-C4AE-487F-B59A-888E10EA59DF",
              "versionEndExcluding": "21.1.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E2276C-9515-46F6-A621-213A3047B9A6",
              "versionEndIncluding": "18.8.11",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54",
              "versionEndIncluding": "19.12.10",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64839EBF-078E-492A-897C-9AFFB7678ED8",
              "versionEndIncluding": "1.13.7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
    },
    {
      "lang": "es",
      "value": "Netty es un framework de aplicaci\u00f3n de red de c\u00f3digo abierto y as\u00edncrono event-driven para el desarrollo r\u00e1pido de servidores y clientes de protocolo de alto rendimiento mantenibles.\u0026#xa0;En Netty (io.netty:netty-codec-http2) versiones anteriores a 4.1.61.Final se presenta una vulnerabilidad que permite el trafico no autorizado de peticiones.\u0026#xa0;El encabezado content-length no es comprobado correctamente si la petici\u00f3n solo usa un \u00fanico Http2HeaderFrame con endStream establecido en verdadero.\u0026#xa0;Esto podr\u00eda conllevar al trafico no autorizado de peticiones si la petici\u00f3n se env\u00eda a un peer remoto y se traduce a HTTP/1.1.\u0026#xa0;Este es un seguimiento de GHSA-wm47-8v5p-wjpj/CVE-2021-21295 que no pudo solucionar este caso.\u0026#xa0;Esto se corrigi\u00f3 como parte de la versi\u00f3n 4.1.61.Final."
    }
  ],
  "id": "CVE-2021-21409",
  "lastModified": "2024-11-21T05:48:17.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-30T15:15:14.573",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4885"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4885"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-08-20 21:15
Modified
2024-11-21 04:18
Summary
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
References
security@apache.orghttp://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.htmlMailing List, Third Party Advisory
security@apache.orghttp://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e
security@apache.orghttps://access.redhat.com/errata/RHSA-2019:4317Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2020:0057Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2020:0194Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2020:0804Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2020:0805Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2020:0806Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2020:0811Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E
security@apache.orghttps://lists.debian.org/debian-lts-announce/2019/08/msg00030.htmlMailing List, Third Party Advisory
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.html
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:4317Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0057Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0194Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0804Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0805Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0806Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0811Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/08/msg00030.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache commons_beanutils *
apache nifi 1.14.0
apache nifi 1.15.0
debian debian_linux 8.0
opensuse leap 15.0
opensuse leap 15.1
fedoraproject fedora 30
fedoraproject fedora 31
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 7.0
redhat jboss_enterprise_application_platform 7.2.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server 8.0
oracle agile_plm 9.3.3
oracle agile_plm 9.3.5
oracle agile_plm 9.3.6
oracle agile_product_lifecycle_management_integration_pack 3.5
oracle agile_product_lifecycle_management_integration_pack 3.5
oracle agile_product_lifecycle_management_integration_pack 3.6
oracle agile_product_lifecycle_management_integration_pack 3.6
oracle application_testing_suite 13.3.0.1
oracle banking_platform 2.4.0
oracle banking_platform 2.7.1
oracle banking_platform 2.9.0
oracle blockchain_platform *
oracle communications_billing_and_revenue_management 7.5
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 11.3.0.9
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3
oracle communications_cloud_native_core_console 1.4.0
oracle communications_cloud_native_core_policy 1.9.0
oracle communications_cloud_native_core_unified_data_repository 1.6.0
oracle communications_convergence 3.0.2.2.0
oracle communications_design_studio 7.3.4
oracle communications_design_studio 7.3.5
oracle communications_design_studio 7.4.0
oracle communications_evolved_communications_application_server 7.1
oracle communications_metasolv_solution 6.3.0
oracle communications_metasolv_solution 6.3.1
oracle communications_network_integrity 7.3.6
oracle communications_performance_intelligence_center 10.4.0.3
oracle communications_pricing_design_center 12.0.0.3.0
oracle communications_unified_inventory_management 7.3.4
oracle communications_unified_inventory_management 7.3.5
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
oracle customer_management_and_segmentation_foundation 18.0
oracle enterprise_manager_for_virtualization 13.4.0.0
oracle financial_services_revenue_management_and_billing_analytics 2.7
oracle financial_services_revenue_management_and_billing_analytics 2.8
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle fusion_middleware 11.1.1.9
oracle fusion_middleware 12.2.1.3.0
oracle fusion_middleware 12.2.1.4.0
oracle healthcare_foundation 7.1.5
oracle healthcare_foundation 7.2.2
oracle healthcare_foundation 7.3.0
oracle healthcare_foundation 7.3.1
oracle healthcare_foundation 8.0.1
oracle hospitality_opera_5 5.5
oracle hospitality_opera_5 5.6
oracle hospitality_reporting_and_analytics 9.1.0
oracle insurance_data_gateway 1.0.2.3
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_orchestrator 9.2.5.3
oracle jd_edwards_enterpriseone_tools *
oracle jd_edwards_enterpriseone_tools 9.2.5.3
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_pt_peopletools 8.56
oracle peoplesoft_enterprise_pt_peopletools 8.57
oracle peoplesoft_enterprise_pt_peopletools 8.58
oracle primavera_gateway *
oracle primavera_gateway *
oracle real-time_decisions_solutions 3.2.0.0
oracle retail_advanced_inventory_planning 14.1
oracle retail_back_office 14.1
oracle retail_central_office 14.1
oracle retail_invoice_matching 16.0.3
oracle retail_merchandising_system 5.0.3.1
oracle retail_point-of-service 14.1
oracle retail_predictive_application_server 16.0
oracle retail_price_management 14.0
oracle retail_price_management 14.0.1
oracle retail_price_management 15.0
oracle retail_price_management 16.0
oracle retail_returns_management 14.1
oracle retail_xstore_point_of_service 7.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle service_bus 11.1.1.9.0
oracle service_bus 12.2.1.3.0
oracle service_bus 12.2.1.4.0
oracle solaris_cluster 4.4
oracle time_and_labor *
oracle utilities_framework *
oracle utilities_framework 4.2.0.2.0
oracle utilities_framework 4.2.0.3.0
oracle utilities_framework 4.4.0.0.0
oracle utilities_framework 4.4.0.2.0
oracle utilities_framework 4.4.0.3.0
oracle weblogic_server 10.3.6.0.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:commons_beanutils:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0491CF4-E0CF-45FC-962E-92E32E2C3C80",
              "versionEndIncluding": "1.9.3",
              "versionStartIncluding": "1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:nifi:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28B78CAF-8752-4963-9E5E-B22AE2034A5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:nifi:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C187CC-B24E-4DD1-A184-5ADC8A920D08",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0952BA1A-5DF9-400F-B01F-C3A398A8A2D4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0FEFCDD-A212-4525-B449-2C4A00A0D2E9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:e-business_suite:*:*",
              "matchCriteriaId": "86527C36-B25B-429D-9506-8899918D8C76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.5:*:*:*:*:sap:*:*",
              "matchCriteriaId": "E4C94F08-3C74-477E-9715-CABE3A3E3A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
              "matchCriteriaId": "5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:sap:*:*",
              "matchCriteriaId": "AEB46F47-012E-4C1B-AF76-458197482585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
              "versionEndExcluding": "21.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "55E0B453-E528-43AF-8244-7C4B201921D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3732921-FEA4-4B50-A1C9-13BC13F64C2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBFFAD49-21CB-4554-870F-31D0AB0E7366",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC9A5185-F623-48C2-8364-A3303D1566DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A298F7E8-0E0B-49EA-B952-C7BB2275EA67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BE4838-1144-4A6A-ABDB-F2766E64C91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B54457C-8305-4F82-BE1E-DBA030A8E676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C756C62B-E655-4770-8E85-B1995889E416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0912F464-5F38-4BBB-9E68-65CE34306E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "64BCB9E3-883D-4C1F-9785-2E182BA47B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E9A2B1-7562-4E6B-AE25-1B647F24EFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "727DF4F5-3D21-491E-96B9-EC973A6C9C18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32595B1B-ADAE-4930-AF88-910121EE8310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CCE1968-016C-43C1-9EE1-FD9F978B688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B5DBF4C-84BB-4537-BD8D-E10C5A4B69F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:11.1.1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "517ADEF7-97A4-4A3F-874D-5D1B25FA24D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2177A5E9-B260-499E-8D60-920679518425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B43A9C25-CBB7-42C8-99AF-0ED8208F315E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9059A907-508B-4844-8D7B-0FA68C0DF6A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C5D8850-6CA4-44D9-8763-6E94ED3A7EEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "67976376-4DD9-4DFD-9C13-59F0279CA2D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1817C30-7B0B-441A-9567-B8DD7C6E646C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D6A426-B914-401F-9AB0-5F5E3A3FE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "72B87E98-5FB9-42AA-B056-77EFD2A6CC06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A366B8-1B5C-4C9E-A761-1AB1547D7404",
              "versionEndExcluding": "9.2.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1975B24B-BCFE-4418-A496-B5B9F0CF5D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BCA7DD9-8599-4E43-9D82-999BE15483B9",
              "versionEndExcluding": "9.2.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE8CCE2-4151-4724-B3B5-01E5223D3B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEB3BE9F-44AC-4EE0-9E66-2B72CF4AF0F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "99BA317E-3C52-4BAF-B61C-803B7208C155",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_pt_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "929638B0-AAD1-4326-9549-2FA8D03AA7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
              "versionEndIncluding": "16.2.11",
              "versionStartIncluding": "16.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA6FCD1C-9093-4630-8016-B70F25C34358",
              "versionEndIncluding": "17.12.6",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real-time_decisions_solutions:3.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "456A6845-ACE0-4553-8350-A5E624B99EC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:5.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "910D3825-F28D-4C6C-B7D6-D8A92BCAB65B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "891E192D-BA12-4D89-8D18-C93D2F26A369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7A1B92-41CE-4DD8-B0BB-992296DDBB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFC5F424-119D-4C66-8251-E735EEFBC0BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5599457B-66C6-4549-8B1F-669EB3D3D2B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:solaris_cluster:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B450108-E2A5-4F01-AF06-47AD1A5BDFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A74710-0E0F-4123-A64C-0684824D13CA",
              "versionEndIncluding": "12.2.11",
              "versionStartIncluding": "12.2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
              "versionEndIncluding": "4.3.0.6.0",
              "versionStartIncluding": "4.3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
    },
    {
      "lang": "es",
      "value": "En Apache Commons Beanutils 1.9.2, se agreg\u00f3 una clase especial BeanIntrospector que permite suprimir la capacidad de un atacante para acceder al cargador de clases a trav\u00e9s de la propiedad de clase disponible en todos los objetos Java. Sin embargo, no se esta usando esta caracter\u00edstica por defecto de PropertyUtilsBean."
    }
  ],
  "id": "CVE-2019-10086",
  "lastModified": "2024-11-21T04:18:22.250",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-08-20T21:15:12.057",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
    },
    {
      "source": "security@apache.org",
      "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:4317"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0057"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0194"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0804"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0805"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0806"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0811"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:4317"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0057"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0194"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0804"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0806"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0811"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-06-02 13:15
Modified
2024-11-21 05:03
Summary
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EE6E12-A43A-4F53-9750-35D8BDF16100",
              "versionEndExcluding": "3.7.9",
              "versionStartIncluding": "3.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:xnio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5A1F231-972E-455F-8BA0-06627A715061",
              "versionEndExcluding": "3.8.2",
              "versionStartIncluding": "3.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:xnio:3.6.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "80259D1A-EC7A-4C72-A193-4E9F594BC1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:xnio:3.6.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "2167DBAE-1F20-4B41-8D98-A3FAFDCBB510",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_brms:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE5157F3-B74D-4066-AB34-8B42BBEB9C7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_brms:6:*:*:*:*:*:*:*",
              "matchCriteriaId": "38DD6591-DB2A-4A1C-800B-D6C32C5D3065",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_data_grid:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "372F543C-1516-4F17-B4B7-A67B7CAD6966",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_data_grid:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD354E32-A8B0-484C-B4C6-9FBCD3430D2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_data_virtualization:6.0.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "AB9104FA-3448-43E0-BED9-BAF7D06054E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D7F1AD-4BD3-4C37-B6B5-B287464B2EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_fuse:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A305F012-544E-4245-9D69-1C8CD37748B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_fuse:7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40CCE4F-EA2C-453D-BB76-6388767E5C6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_operations_network:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C077D692-150C-4AE9-8C0B-7A3EA5EB1100",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_soa_platform:5:*:*:*:*:*:*:*",
              "matchCriteriaId": "44D5DDAE-5519-4E9D-8DD0-D56E4E034F26",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E463039-5E48-4AA0-A42B-081053FA0111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A442DA9E-FF9A-4C51-9D3E-68D09C8BB472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A276784-877B-4A29-A8F1-70518A438A9A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 una vulnerabilidad en XNIO en la que se produce un filtrado de descriptores de archivos causada por el crecimiento de la cantidad de manejadores de archivos NIO Selector entre los ciclos de recolecci\u00f3n de basura. Puede permitir al atacante causar una denegaci\u00f3n de servicio. Afecta a XNIO versiones 3.6.0.Beta1 hasta 3.8.1.Final"
    }
  ],
  "id": "CVE-2020-14340",
  "lastModified": "2024-11-21T05:03:02.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-06-02T13:15:08.083",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-09-29 20:15
Modified
2024-11-21 05:50
Summary
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
References
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Mar/29Mailing List, Third Party Advisory
support@hackerone.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatch, Third Party Advisory
support@hackerone.comhttps://hackerone.com/reports/1334111Exploit, Issue Tracking, Patch, Third Party Advisory
support@hackerone.comhttps://lists.debian.org/debian-lts-announce/2021/09/msg00022.htmlMailing List, Third Party Advisory
support@hackerone.comhttps://lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlMailing List, Third Party Advisory
support@hackerone.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/Mailing List, Third Party Advisory
support@hackerone.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/Mailing List, Third Party Advisory
support@hackerone.comhttps://security.gentoo.org/glsa/202212-01Third Party Advisory
support@hackerone.comhttps://security.netapp.com/advisory/ntap-20211029-0003/Third Party Advisory
support@hackerone.comhttps://security.netapp.com/advisory/ntap-20220121-0008/Third Party Advisory
support@hackerone.comhttps://support.apple.com/kb/HT213183Release Notes, Third Party Advisory
support@hackerone.comhttps://www.debian.org/security/2022/dsa-5197Third Party Advisory
support@hackerone.comhttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
support@hackerone.comhttps://www.oracle.com/security-alerts/cpujan2022.htmlThird Party Advisory
support@hackerone.comhttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
support@hackerone.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Mar/29Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/1334111Exploit, Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/09/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202212-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20211029-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220121-0008/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213183Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5197Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
haxx curl *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 33
fedoraproject fedora 35
netapp cloud_backup -
netapp clustered_data_ontap -
netapp oncommand_insight -
netapp oncommand_workflow_automation -
netapp snapcenter -
netapp h300s_firmware -
netapp h300s -
netapp h500s_firmware -
netapp h500s -
netapp h700s_firmware -
netapp h700s -
netapp h300e_firmware -
netapp h300e -
netapp h500e_firmware -
netapp h500e -
netapp h700e_firmware -
netapp h700e -
netapp h410s_firmware -
netapp h410s -
netapp solidfire_baseboard_management_controller_firmware -
netapp solidfire_baseboard_management_controller -
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle mysql_server *
oracle mysql_server *
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
apple macos *
siemens sinec_infrastructure_network_services *
oracle commerce_guided_search 11.3.2
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle communications_cloud_native_core_console 22.2.0
oracle communications_cloud_native_core_network_repository_function 22.1.0
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
splunk universal_forwarder *
splunk universal_forwarder *
splunk universal_forwarder 9.1.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CACB6A8-0CF6-4283-BB33-FE3B0026A23E",
              "versionEndExcluding": "7.79.0",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E667933A-37EA-4BC2-9180-C3B4B7038866",
              "versionEndIncluding": "5.7.35",
              "versionStartIncluding": "5.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "709E83B4-8C66-4255-870B-2F72B37BA8C6",
              "versionEndIncluding": "8.0.26",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9060C1B6-F101-46AE-8B08-6D6951304916",
              "versionEndExcluding": "12.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
              "versionEndExcluding": "1.0.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2BC68D-C8B2-4C8B-9426-21F00CBDD873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
              "versionEndExcluding": "8.2.12",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
              "versionEndExcluding": "9.0.6",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network."
    },
    {
      "lang": "es",
      "value": "Un usuario puede decirle a curl versiones posteriores a 7.20.0 incluy\u00e9ndola , y versiones anteriores a 7.78.0 incluy\u00e9ndola, que requiera una actualizaci\u00f3n con \u00e9xito a TLS cuando hable con un servidor IMAP, POP3 o FTP (\"--ssl-reqd\" en la l\u00ednea de comandos o \"CURLOPT_USE_SSL\" configurado como \"CURLUSESSL_CONTROL\" o \"CURLUSESSL_ALL\" conlibcurl). Este requisito podr\u00eda ser omitido si el servidor devolviera una respuesta correctamente dise\u00f1ada pero perfectamente leg\u00edtima. Este fallo har\u00eda que curl continuara silenciosamente sus operaciones **withoutTLS** en contra de las instrucciones y expectativas, exponiendo posiblemente datos confidenciales en texto sin cifrar a trav\u00e9s de la red"
    }
  ],
  "id": "CVE-2021-22946",
  "lastModified": "2024-11-21T05:50:59.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-29T20:15:08.187",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1334111"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213183"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1334111"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-325"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-319"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-12 12:15
Modified
2024-11-21 06:03
Summary
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/07/12/1Mailing List, Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3EMailing List, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3EMailing List, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.html
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/07/12/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3EMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3EMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.html



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FAD7B00-AFF0-4312-834F-F6ED92252FD7",
              "versionEndExcluding": "2.7.0",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "633E5B20-A7A7-4346-A71D-58121B006D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64750C01-21AC-4947-B674-6690EAAAC5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368",
              "versionEndIncluding": "14.3.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "609645BF-B34F-40AC-B9C9-C3FB870F4ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCCFDDAC-CF84-4259-BA65-98DC5482A0A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE9F9C25-7424-4EA5-84D4-880DE1FC56C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:oss_support_tools:2.12.42:*:*:*:*:*:*:*",
              "matchCriteriaId": "747C7295-8731-4C59-BC81-CE60C4028C23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0"
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en sshd-core de Apache Mina SSHD, permite a un atacante desbordar el servidor causando un error de tipo OutOfMemory. Este problema afecta a las funcionalidades SFTP y port forwarding de Apache Mina SSHD versi\u00f3n 2.0.0 y posteriores. Se ha solucionado en Apache Mina SSHD versi\u00f3n 2.7.0"
    }
  ],
  "id": "CVE-2021-30129",
  "lastModified": "2024-11-21T06:03:21.897",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-12T12:15:07.783",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/07/12/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/07/12/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-772"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-19 17:15
Modified
2024-11-21 06:48
Severity ?
Summary
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
References
cve@mitre.orghttp://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
cve@mitre.orghttp://seclists.org/fulldisclosure/2022/Jan/39Exploit, Mailing List, Third Party Advisory
cve@mitre.orghttps://github.com/h2database/h2database/releases/tag/version-2.1.210Patch, Release Notes, Third Party Advisory
cve@mitre.orghttps://github.com/h2database/h2database/security/advisoriesMitigation, Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2022/02/msg00017.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20230818-0011/
cve@mitre.orghttps://twitter.com/d0nkey_man/status/1483824727936450564Exploit, Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2022/dsa-5076Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlNot Applicable
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Jan/39Exploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/h2database/h2database/releases/tag/version-2.1.210Patch, Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/h2database/h2database/security/advisoriesMitigation, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/02/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20230818-0011/
af854a3a-2127-422b-91ae-364da2661108https://twitter.com/d0nkey_man/status/1483824727936450564Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5076Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlNot Applicable



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:h2database:h2:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F968DB6-8C38-47CE-AD38-4A0A3BFE594A",
              "versionEndExcluding": "2.0.206",
              "versionStartIncluding": "1.1.100",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392."
    },
    {
      "lang": "es",
      "value": "H2 Console versiones anteriores a 2.1.210, permite a atacantes remotos ejecutar c\u00f3digo arbitrario por medio de una URL jdbc:h2:mem JDBC que contenga la subcadena IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT, una vulnerabilidad diferente a CVE-2021-42392"
    }
  ],
  "id": "CVE-2022-23221",
  "lastModified": "2024-11-21T06:48:13.213",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-19T17:15:09.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jan/39"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/h2database/h2database/releases/tag/version-2.1.210"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/h2database/h2database/security/advisories"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0011/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/d0nkey_man/status/1483824727936450564"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5076"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Jan/39"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/h2database/h2database/releases/tag/version-2.1.210"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/h2database/h2database/security/advisories"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20230818-0011/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://twitter.com/d0nkey_man/status/1483824727936450564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5076"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-88"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-02-24 15:15
Modified
2024-11-21 06:50
Summary
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
References
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2022/02/23/4Mailing List, Patch, Third Party Advisory
cve@mitre.orghttps://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rstRelease Notes, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2022/03/msg00002.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20221007-0003/Third Party Advisory
cve@mitre.orghttps://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28Release Notes, Vendor Advisory
cve@mitre.orghttps://www.debian.org/security/2022/dsa-5087Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2022/02/23/4Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rstRelease Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/03/msg00002.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20221007-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5087Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cyrusimap:cyrus-sasl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84E874C7-A473-41FC-9A0B-F9AC7FA10B84",
              "versionEndIncluding": "2.1.27",
              "versionStartIncluding": "2.1.17",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2BC68D-C8B2-4C8B-9426-21F00CBDD873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B77BFB7-C105-4A42-A9A4-45EF4EC8556F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement."
    },
    {
      "lang": "es",
      "value": "En Cyrus SASL versiones 2.1.17 hasta 2.1.27 anteriores a 2.1.28, el archivo plugins/sql.c no escapa la contrase\u00f1a para una sentencia SQL INSERT o UPDATE"
    }
  ],
  "id": "CVE-2022-24407",
  "lastModified": "2024-11-21T06:50:21.343",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-02-24T15:15:29.350",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/02/23/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221007-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5087"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/02/23/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20221007-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5087"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-04 16:15
Modified
2024-11-21 06:47
Summary
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_cloud_gateway:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71D24F3E-9DA8-491B-841F-BDF95B8000B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2BC68D-C8B2-4C8B-9426-21F00CBDD873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A264E0DE-209D-49B1-8B26-51AB8BBC97F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates."
    },
    {
      "lang": "es",
      "value": "En spring cloud gateway versiones anteriores a 3.1.1+ , las aplicaciones que son configuradas para habilitar HTTP2 y no es establecido un almac\u00e9n de claves o certificados confiables son configurados para usar un TrustManager no seguro. Esto hace que la pasarela pueda conectarse a servicios remotos con certificados no v\u00e1lidos o personalizados"
    }
  ],
  "id": "CVE-2022-22946",
  "lastModified": "2024-11-21T06:47:39.557",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-04T16:15:10.377",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22946"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22946"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-295"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:47
Severity ?
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
References
security@vmware.comhttp://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
security@vmware.comhttp://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
security@vmware.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfPatch, Third Party Advisory
security@vmware.comhttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005Third Party Advisory
security@vmware.comhttps://tanzu.vmware.com/security/cve-2022-22965Mitigation, Vendor Advisory
security@vmware.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67Third Party Advisory
security@vmware.comhttps://www.oracle.com/security-alerts/cpuapr2022.htmlThird Party Advisory
security@vmware.comhttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tanzu.vmware.com/security/cve-2022-22965Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/970766
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
oracle jdk *
cisco cx_cloud_agent *
oracle communications_cloud_native_core_automated_test_suite 1.9.0
oracle communications_cloud_native_core_automated_test_suite 22.1.0
oracle communications_cloud_native_core_console 1.9.0
oracle communications_cloud_native_core_console 22.1.0
oracle communications_cloud_native_core_network_exposure_function 22.1.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle communications_cloud_native_core_network_repository_function 22.1.0
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_network_slice_selection_function 1.15.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
oracle communications_cloud_native_core_policy 1.15.0
oracle communications_cloud_native_core_policy 22.1.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_cloud_native_core_unified_data_repository 22.1.0
oracle communications_policy_management 12.6.0.0.0
oracle financial_services_analytical_applications_infrastructure 8.1.1
oracle financial_services_analytical_applications_infrastructure 8.1.2.0
oracle financial_services_behavior_detection_platform 8.1.1.0
oracle financial_services_behavior_detection_platform 8.1.1.1
oracle financial_services_behavior_detection_platform 8.1.2.0
oracle financial_services_enterprise_case_management 8.1.1.0
oracle financial_services_enterprise_case_management 8.1.1.1
oracle financial_services_enterprise_case_management 8.1.2.0
oracle mysql_enterprise_monitor *
oracle product_lifecycle_analytics 3.6.1
oracle retail_xstore_point_of_service 20.0.1
oracle retail_xstore_point_of_service 21.0.0
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1
siemens operation_scheduler *
siemens sipass_integrated 2.80
siemens sipass_integrated 2.85
siemens siveillance_identity 1.5
siemens siveillance_identity 1.6
veritas access_appliance 7.4.3
veritas access_appliance 7.4.3.100
veritas access_appliance 7.4.3.200
veritas access_appliance 7.4.3
veritas access_appliance 7.4.3.100
veritas access_appliance 7.4.3.200
veritas flex_appliance 1.3
veritas flex_appliance 2.0
veritas flex_appliance 2.0.1
veritas flex_appliance 2.0.2
veritas flex_appliance 2.1
veritas netbackup_flex_scale_appliance 2.1
veritas netbackup_flex_scale_appliance 3.0
veritas netbackup_appliance 4.0
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.0.0.1
veritas netbackup_appliance 4.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_appliance 4.1.0.1
veritas netbackup_virtual_appliance 4.0
veritas netbackup_virtual_appliance 4.0.0.1
veritas netbackup_virtual_appliance 4.0.0.1
veritas netbackup_virtual_appliance 4.0.0.1
veritas netbackup_virtual_appliance 4.1
veritas netbackup_virtual_appliance 4.1.0.1
veritas netbackup_virtual_appliance 4.1.0.1
siemens operation_scheduler *
siemens simatic_speech_assistant_for_machines *
siemens sinec_network_management_system *
siemens sipass_integrated 2.80
siemens sipass_integrated 2.85
siemens siveillance_identity 1.5
siemens siveillance_identity 1.6
oracle commerce_platform 11.3.2
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle communications_unified_inventory_management 7.4.1
oracle communications_unified_inventory_management 7.4.2
oracle communications_unified_inventory_management 7.5.0
oracle retail_bulk_data_integration 16.0.3
oracle retail_customer_management_and_segmentation_foundation 17.0
oracle retail_customer_management_and_segmentation_foundation 18.0
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle retail_financial_integration 14.1.3.2
oracle retail_financial_integration 15.0.3.1
oracle retail_financial_integration 16.0.3
oracle retail_financial_integration 19.0.1
oracle retail_integration_bus 14.1.3.2
oracle retail_integration_bus 15.0.3.1
oracle retail_integration_bus 16.0.3
oracle retail_integration_bus 19.0.1
oracle retail_merchandising_system 16.0.3
oracle retail_merchandising_system 19.0.1
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0



{
  "cisaActionDue": "2022-04-25",
  "cisaExploitAdd": "2022-04-04",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Spring Framework JDK 9+ Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7417ECB4-3391-4273-9DAF-C9C82220CEA8",
              "versionEndExcluding": "5.2.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5049322E-FFAA-4CAA-B794-63539EA4E6D7",
              "versionEndExcluding": "5.3.18",
              "versionStartIncluding": "5.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:jdk:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F22333-401B-4DB1-A63D-622FA54C2BA9",
              "versionStartIncluding": "9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:cx_cloud_agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DA44823-E5F1-4922-BCCA-13BEB49C017B",
              "versionEndExcluding": "2.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DF6C109-E3D3-431C-8101-2FF88763CF5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5BB2213-08E7-497F-B672-556FD682D122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E6C8E9-2024-496C-9BFD-4548A5B44E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D163AA57-1D66-4FBF-A8BB-F13E56E5C489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0425918A-03F1-4541-BDEF-55B03E07E115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D235B299-9A0E-44FF-84F1-2FFBC070A21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2E50B0-64B6-4696-9213-F5D9016058A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "02AEDB9F-1040-4840-ACB6-8BF299886ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "41C2C67B-BF55-4B48-A94D-1F37A4FAC68C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "078AEFC0-96DA-4F50-BE8E-8360718103A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7ECCD8C1-C055-4958-A613-B6D1609687F1",
              "versionEndExcluding": "8.0.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB16F34-D561-498F-A8C3-A24A47BCEBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF",
              "versionEndExcluding": "2.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
              "matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "26CDB573-611F-403C-9E9F-2A929B7B9602",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "E84BF8E9-9AB8-4591-9760-C9B727FD0BA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:access_appliance:7.4.3.200:*:*:*:*:*:*:*",
              "matchCriteriaId": "2605B356-2BDE-45B2-AAB3-55236E163588",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E18698DE-9043-4AA0-B798-51C0B4CACBAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CE9674B-4528-4168-B09A-DBAA48622307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9810D40F-FF25-495F-80A4-7A8D8679FA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B3BC5A-97E2-4295-9EA3-62D29E579E9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:flex_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18FEAF-65B4-4F56-A703-21DF9B969B0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66B1DC73-8B4C-418B-96A7-17C35E9164CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:veritas:netbackup_flex_scale_appliance:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E6CF01-79F1-4E56-BB3C-02AE544876E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62D12B2A-0167-4010-888E-30BB96DBA3F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "42554066-06A0-44EF-8911-5982A4033E00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "BE52F0C6-7AB6-4E84-9A8C-01C2AE170504",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "F2762443-9B5B-4675-84B3-21A60385F86E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F91A353F-6BEE-423E-BB6A-413C2C03D313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "6256AE6A-34BF-417A-BAB9-8889457BA31B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "FBEF9B41-F0AF-49A8-95A9-5F803E5AFDE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3F72DF7-C2C6-4009-82D8-462714D80DF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "A5C4BAEE-EAAE-46F6-A275-330EE41CF1F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "5311A3B2-E1C7-4816-B1DD-F0166C65F5A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.0.0.1:maintenance_release3:*:*:*:*:*:*",
              "matchCriteriaId": "ED4BC39F-2A18-4F2D-B5A6-A1590D220611",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5BC47D-DD3A-4CE1-B313-18C9547E89EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release1:*:*:*:*:*:*",
              "matchCriteriaId": "63459D69-EC29-49A6-9577-A48B63C63063",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:veritas:netbackup_virtual_appliance:4.1.0.1:maintenance_release2:*:*:*:*:*:*",
              "matchCriteriaId": "7B20A490-3398-4B36-9630-98CADC801E9E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:operation_scheduler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "435B691D-C763-4692-A46A-3422FA821ACF",
              "versionEndExcluding": "2.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:simatic_speech_assistant_for_machines:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D035FB7D-36A5-439E-9992-DE255F020AB5",
              "versionEndExcluding": "1.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sinec_network_management_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D14E8FC-464B-414D-AE56-C20FF46E25FB",
              "versionEndExcluding": "1.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "83E77D85-0AE8-41D6-AC0C-983A8B73C831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:sipass_integrated:2.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "02B28A44-3708-480D-9D6D-DDF8C21A15EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9772EE3F-FFC5-4611-AD9A-8AD8304291BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:siemens:siveillance_identity:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF524892-278F-4373-A8A3-02A30FA1AFF4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3486C85C-57BC-433F-941C-E81539DA5C1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
    },
    {
      "lang": "es",
      "value": "Una aplicaci\u00f3n Spring MVC o Spring WebFlux que es ejecutada en JDK 9+ puede ser vulnerable a la ejecuci\u00f3n de c\u00f3digo remota (RCE) por medio de una vinculaci\u00f3n de datos. La explotaci\u00f3n espec\u00edfica requiere que la aplicaci\u00f3n sea ejecutada en Tomcat como un despliegue WAR. Si la aplicaci\u00f3n es desplegada como un jar ejecutable de Spring Boot, es decir, por defecto, no es vulnerable a la explotaci\u00f3n. Sin embargo, la naturaleza de la vulnerabilidad es m\u00e1s general, y puede haber otras formas de explotarla"
    }
  ],
  "id": "CVE-2022-22965",
  "lastModified": "2024-11-21T06:47:42.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-01T23:15:13.870",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22965"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22965"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.kb.cert.org/vuls/id/970766"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-11-08 15:15
Modified
2024-11-21 04:18
Summary
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
References
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2020:0159Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2020:0160Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2020:0161Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2020:0164Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E
secalert@redhat.comhttps://security.netapp.com/advisory/ntap-20220210-0024/Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpujan2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0159Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0160Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0161Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0164Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220210-0024/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlThird Party Advisory
Impacted products
Vendor Product Version
redhat hibernate_validator *
redhat hibernate_validator 6.1.0
redhat hibernate_validator 6.1.0
redhat hibernate_validator 6.1.0
redhat hibernate_validator 6.1.0
redhat hibernate_validator 6.1.0
redhat hibernate_validator 6.1.0
redhat fuse 1.0
redhat jboss_data_grid -
redhat jboss_enterprise_application_platform -
redhat openshift_application_runtimes -
redhat single_sign-on -
redhat jboss_enterprise_application_platform 7.2
redhat jboss_enterprise_application_platform 7.3
redhat enterprise_linux 6.0
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp management_services_for_element_software_and_netapp_hci -
netapp snapcenter_plug-in -
netapp element -
oracle access_manager 11.1.2.3.0
oracle access_manager 12.2.1.3.0
oracle access_manager 12.2.1.4.0
oracle agile_engineering_data_management 6.2.1.0
oracle agile_plm 9.3.3
oracle agile_plm 9.3.6
oracle agile_product_lifecycle_analytics 3.6.1
oracle agile_product_lifecycle_management_integration_pack 3.6
oracle airlines_data_model 12.1.1.0.0
oracle airlines_data_model 12.2.0.1.0
oracle application_express 21.1.4
oracle application_performance_management 13.4.1.0
oracle application_performance_management 13.5.1.0
oracle application_testing_suite 13.3.0.1
oracle argus_analytics 8.2.1
oracle argus_analytics 8.2.2
oracle argus_analytics 8.2.3
oracle argus_analytics 8.21
oracle argus_insight 8.2.1
oracle argus_insight 8.2.2
oracle argus_insight 8.2.3
oracle argus_safety 8.2.1
oracle argus_safety 8.2.2
oracle argus_safety 8.2.3
oracle banking_apis 18.1
oracle banking_apis 18.2
oracle banking_apis 18.3
oracle banking_apis 19.1
oracle banking_apis 19.2
oracle banking_apis 20.1
oracle banking_apis 21.1
oracle banking_deposits_and_lines_of_credit_servicing 2.12.0
oracle banking_digital_experience 17.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_digital_experience 21.1
oracle banking_enterprise_default_management 2.6.2
oracle banking_enterprise_default_management 2.7.0
oracle banking_enterprise_default_management 2.7.1
oracle banking_enterprise_default_management 2.10.0
oracle banking_enterprise_default_management 2.12.0
oracle banking_enterprise_default_managment *
oracle banking_loans_servicing 2.12.0
oracle banking_party_management 2.7.0
oracle banking_platform *
oracle banking_platform 2.6.2
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle bi_publisher 5.5.0.0.0
oracle bi_publisher 11.1.1.9.0
oracle bi_publisher 12.2.1.3.0
oracle bi_publisher 12.2.1.4.0
oracle big_data_spatial_and_graph 23.1
oracle business_activity_monitoring 12.2.1.4.0
oracle business_intelligence 5.5.0.0.0
oracle business_intelligence 5.9.0.0.0
oracle business_intelligence 12.2.1.3.0
oracle business_intelligence 12.2.1.4.0
oracle business_process_management_suite 12.2.1.3.0
oracle business_process_management_suite 12.2.1.4.0
oracle clinical 5.2.1
oracle clinical 5.2.2
oracle commerce_guided_search 11.3.2
oracle commerce_platform *
oracle communications_application_session_controller 3.9.0
oracle communications_billing_and_revenue_management 12.0.0.3
oracle communications_billing_and_revenue_management 12.0.0.4
oracle communications_billing_and_revenue_management_elastic_charging_engine 11.3
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0
oracle communications_calendar_server 8.0.0.5.0
oracle communications_calendar_server 8.0.0.6.0
oracle communications_cloud_native_core_automated_test_suite 1.8.0
oracle communications_cloud_native_core_binding_support_function 1.9.0
oracle communications_cloud_native_core_binding_support_function 1.10.0
oracle communications_cloud_native_core_console 1.7.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.9.0
oracle communications_cloud_native_core_network_repository_function 1.14.0
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.5.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.6.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.15.0
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
oracle communications_cloud_native_core_unified_data_repository 1.14.0
oracle communications_contacts_server 8.0.0.3.0
oracle communications_converged_application_server_-_service_controller 6.2
oracle communications_convergence 3.0.2.2.0
oracle communications_convergent_charging_controller *
oracle communications_convergent_charging_controller 6.0.1.0.0
oracle communications_data_model 11.3.2.1.0
oracle communications_data_model 11.3.2.2.0
oracle communications_data_model 11.3.2.3.0
oracle communications_data_model 12.1.0.1.0
oracle communications_data_model 12.1.2.0.0
oracle communications_design_studio 7.3.4
oracle communications_design_studio 7.3.5
oracle communications_design_studio 7.4.0
oracle communications_design_studio 7.4.1
oracle communications_design_studio 7.4.2
oracle communications_diameter_signaling_route *
oracle communications_eagle_application_processor *
oracle communications_instant_messaging_server 10.0.1.5.0
oracle communications_interactive_session_recorder 6.3
oracle communications_interactive_session_recorder 6.4
oracle communications_messaging_server 8.1
oracle communications_metasolv_solution 6.3.1
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1.0.0
oracle communications_network_integrity 7.3.5
oracle communications_network_integrity 7.3.6
oracle communications_offline_mediation_controller 12.0.0.3
oracle communications_operations_monitor 3.4
oracle communications_operations_monitor 4.2
oracle communications_operations_monitor 4.3
oracle communications_operations_monitor 4.4
oracle communications_operations_monitor 5.0
oracle communications_pricing_design_center 12.0.0.3.0
oracle communications_pricing_design_center 12.0.0.4.0
oracle communications_service_broker 6.2
oracle communications_services_gatekeeper 7.0
oracle communications_session_border_controller 8.2
oracle communications_session_border_controller 8.3
oracle communications_session_border_controller 8.4
oracle communications_session_border_controller 9.0
oracle communications_unified_inventory_management 7.3.0
oracle communications_unified_inventory_management 7.3.4
oracle communications_unified_inventory_management 7.3.5
oracle communications_unified_inventory_management 7.4.0
oracle communications_unified_inventory_management 7.4.1
oracle communications_unified_inventory_management 7.4.2
oracle communications_unified_inventory_management 7.5.0
oracle communications_webrtc_session_controller 7.2.0
oracle communications_webrtc_session_controller 7.2.1
oracle data_integrator 12.2.1.3.0
oracle data_integrator 12.2.1.4.0
oracle database_server 12.1.0.1
oracle database_server 12.1.0.2
oracle database_server 19c
oracle database_server 21c
oracle demantra_demand_management *
oracle documaker *
oracle e-business_suite *
oracle enterprise_communications_broker 3.3
oracle enterprise_data_quality 12.2.1.3.0
oracle enterprise_data_quality 12.2.1.4.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle enterprise_session_border_controller 8.4
oracle enterprise_session_border_controller 9.0
oracle essbase *
oracle essbase *
oracle essbase 11.1.2.4.47
oracle essbase_administration_services *
oracle essbase_administration_services 11.1.2.4.47
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_analytical_applications_infrastructure 7.3.3
oracle financial_services_behavior_detection_platform 8.0.7
oracle financial_services_behavior_detection_platform 8.0.8
oracle financial_services_behavior_detection_platform 8.0.11
oracle financial_services_enterprise_case_management 8.0.7
oracle financial_services_enterprise_case_management 8.0.8
oracle financial_services_enterprise_case_management 8.0.11
oracle financial_services_foreign_account_tax_compliance_act_management 8.0.7
oracle financial_services_foreign_account_tax_compliance_act_management 8.0.8
oracle financial_services_foreign_account_tax_compliance_act_management 8.0.11
oracle financial_services_model_management_and_governance *
oracle financial_services_trade-based_anti_money_laundering 8.0.7
oracle financial_services_trade-based_anti_money_laundering 8.0.8
oracle flexcube_investor_servicing 12.0.4
oracle flexcube_investor_servicing 12.1.0
oracle flexcube_investor_servicing 12.3.0
oracle flexcube_investor_servicing 12.4.0
oracle flexcube_investor_servicing 14.4.0
oracle flexcube_investor_servicing 14.5.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle fusion_middleware 12.2.1.3.0
oracle fusion_middleware 12.2.1.4.0
oracle fusion_middleware_mapviewer 12.2.1.4.0
oracle goldengate *
oracle goldengate *
oracle goldengate *
oracle goldengate_application_adapters 19.1.0.0.0
oracle graalvm 20.3.4
oracle graalvm 21.3.0
oracle graph_server_and_client *
oracle health_sciences_clinical_development_analytics 4.0.1
oracle health_sciences_inform_crf_submit 6.2.1
oracle health_sciences_information_manager 3.0.2
oracle health_sciences_information_manager 3.0.3
oracle healthcare_data_repository 7.0.2
oracle healthcare_data_repository 8.1.0
oracle healthcare_data_repository 8.1.1
oracle healthcare_foundation *
oracle healthcare_foundation *
oracle healthcare_foundation 8.1.0
oracle healthcare_foundation 8.1.1
oracle healthcare_translational_research 4.1.0
oracle hospitality_cruise_shipboard_property_management_system 20.1.0
oracle hospitality_opera_5_property_services 5.6
oracle hospitality_reporting_and_analytics 9.1.0
oracle hospitality_suite8 8.10.2
oracle hospitality_suite8 8.11.0
oracle hospitality_suite8 8.12.0
oracle hospitality_suite8 8.13.0
oracle hospitality_suite8 8.14.0
oracle http_server 12.2.1.3.0
oracle http_server 12.2.1.4.0
oracle hyperion_financial_management 11.1.2.4
oracle hyperion_financial_management 11.2.6.0
oracle hyperion_ilearning 6.2
oracle hyperion_ilearning 6.3
oracle hyperion_infrastructure_technology 11.2.7.0
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle insurance_data_gateway 11.0.2
oracle insurance_data_gateway 11.1.0
oracle insurance_data_gateway 11.2.7
oracle insurance_data_gateway 11.3.0
oracle insurance_data_gateway 11.3.1
oracle insurance_insbridge_rating_and_underwriting *
oracle insurance_insbridge_rating_and_underwriting 5.2.0
oracle insurance_policy_administration 11.0.2
oracle insurance_policy_administration 11.1.0
oracle insurance_policy_administration 11.2.7
oracle insurance_policy_administration 11.3.0
oracle insurance_policy_administration 11.3.1
oracle insurance_policy_administration_j2ee *
oracle insurance_policy_administration_j2ee 10.2.0
oracle insurance_policy_administration_j2ee 10.2.4
oracle insurance_policy_administration_j2ee 11.0.2
oracle insurance_rules_palette *
oracle insurance_rules_palette 10.2.0
oracle insurance_rules_palette 10.2.4
oracle insurance_rules_palette 11.0.2
oracle insurance_rules_palette 11.3.1
oracle java_se 7u321
oracle java_se 8u311
oracle java_se 17.1
oracle jd_edwards_enterpriseone_orchestrator *
oracle jdk 11.0.13
oracle managed_file_transfer 12.2.1.3.0
oracle managed_file_transfer 12.2.1.4.0
oracle mysql_cluster *
oracle mysql_cluster *
oracle mysql_cluster *
oracle mysql_cluster *
oracle mysql_connectors *
oracle mysql_connectors 8.0.27
oracle mysql_server *
oracle mysql_server *
oracle mysql_server 5.7.36
oracle mysql_workbench *
oracle nosql_database *
oracle oss_support_tools *
oracle peoplesoft_enterprise_cs_sa_integration_pack 9.0
oracle peoplesoft_enterprise_cs_sa_integration_pack 9.2
oracle peoplesoft_enterprise_people_tools 8.57
oracle peoplesoft_enterprise_people_tools 8.58
oracle peoplesoft_enterprise_people_tools 8.59
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle policy_automation *
oracle policy_automation 10.4.7
oracle primavera_analytics 18.8.3.3
oracle primavera_analytics 19.12.11.1
oracle primavera_analytics 20.12.12.0
oracle primavera_data_warehouse 18.8.3.3
oracle primavera_data_warehouse 19.12.11.1
oracle primavera_data_warehouse 20.12.12.0
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 21.12.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle primavera_p6_professional_project_management *
oracle primavera_p6_professional_project_management *
oracle primavera_p6_professional_project_management *
oracle primavera_p6_professional_project_management *
oracle primavera_portfolio_management *
oracle primavera_portfolio_management *
oracle primavera_portfolio_management 20.0.0.0
oracle primavera_portfolio_management 20.0.0.1
oracle primavera_unifier *
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle rapid_planning *
oracle real-time_decision_server 3.2.0.0
oracle real_user_experience_insight 13.4.1.0
oracle real_user_experience_insight 13.5.1.0
oracle rest_data_services 21.2.4
oracle retail_allocation 14.1.3.2
oracle retail_allocation 15.0.3.1
oracle retail_allocation 16.0.3
oracle retail_allocation 19.0.1
oracle retail_analytics *
oracle retail_assortment_planning 16.0.3
oracle retail_back_office 14.1
oracle retail_central_office 14.1
oracle retail_customer_insights *
oracle retail_customer_management_and_segmentation_foundation *
oracle retail_eftlink 16.0.3
oracle retail_eftlink 17.0.2
oracle retail_eftlink 18.0.1
oracle retail_eftlink 19.0.1
oracle retail_eftlink 20.0.1
oracle retail_extract_transform_and_load 13.2.8
oracle retail_financial_integration 14.1.3.2
oracle retail_financial_integration 15.0.3.1
oracle retail_financial_integration 16.0.3
oracle retail_financial_integration 19.0.1
oracle retail_fiscal_management 14.2
oracle retail_integration_bus *
oracle retail_integration_bus 13.0
oracle retail_integration_bus 14.1.3.0
oracle retail_integration_bus 14.1.3.2
oracle retail_integration_bus 15.0.3.1
oracle retail_integration_bus 19.0.0
oracle retail_integration_bus 19.0.1
oracle retail_invoice_matching 15.0.3
oracle retail_invoice_matching 16.0.3
oracle retail_merchandising_system 19.0.1
oracle retail_order_broker 16.0
oracle retail_order_broker 18.0
oracle retail_order_broker 19.1
oracle retail_order_management_system 19.5
oracle retail_point-of-sale 14.1
oracle retail_predictive_application_server 14.1.3
oracle retail_predictive_application_server 14.1.3.46
oracle retail_predictive_application_server 15.0.3
oracle retail_predictive_application_server 15.0.3.115
oracle retail_predictive_application_server 16.0.3
oracle retail_predictive_application_server 16.0.3.240
oracle retail_price_management 13.2
oracle retail_price_management 14.0.4
oracle retail_price_management 14.1
oracle retail_price_management 14.1.3
oracle retail_price_management 15.0
oracle retail_price_management 15.0.3
oracle retail_price_management 16.0
oracle retail_price_management 16.0.3
oracle retail_returns_management 14.1
oracle retail_service_backbone *
oracle retail_service_backbone 14.1.3.0
oracle retail_service_backbone 14.1.3.2
oracle retail_service_backbone 15.0.3.1
oracle retail_service_backbone 19.0.0
oracle retail_service_backbone 19.0.1
oracle retail_size_profile_optimization 16.0.3
oracle retail_xstore_point_of_service 17.0.4
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 19.0.2
oracle retail_xstore_point_of_service 20.0.1
oracle sd-wan_aware 8.2
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1
oracle secure_backup 18.1.0.1.0
oracle siebel_applications *
oracle spatial_studio 21.2.1
oracle thesaurus_management_system 5.2.3
oracle thesaurus_management_system 5.3.0
oracle thesaurus_management_system 5.3.1
oracle timesten_in-memory_database *
oracle timesten_in-memory_database *
oracle utilities_framework *
oracle utilities_framework 4.2.0.2.0
oracle utilities_framework 4.2.0.3.0
oracle utilities_framework 4.4.0.0.0
oracle utilities_framework 4.4.0.2.0
oracle utilities_framework 4.4.0.3.0
oracle utilities_testing_accelerator 6.0.0.1.1
oracle utilities_testing_accelerator 6.0.0.2.2
oracle utilities_testing_accelerator 6.0.0.3.1
oracle vm_virtualbox *
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle weblogic_server 12.1.3.0.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0
oracle zfs_storage_appliance_kit 8.8
oracle zfs_storage_application_integration_engineering_software 1.3.3
oracle communications_messaging_server 8.1
oracle solaris 10
oracle solaris 11
oracle fujitsu_m10-1_firmware -
oracle fujitsu_m10-1 -
oracle fujitsu_m10-4_firmware -
oracle fujitsu_m10-4 -
oracle fujitsu_m10-4s_firmware -
oracle fujitsu_m10-4s -
oracle fujitsu_m12-1_firmware -
oracle fujitsu_m12-1 -
oracle fujitsu_m12-2_firmware -
oracle fujitsu_m12-2 -
oracle fujitsu_m12-2s_firmware -
oracle fujitsu_m12-2s -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:hibernate_validator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "552F082C-38E5-49A9-A451-71B6ECAF21B2",
              "versionEndExcluding": "6.0.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "A82A1C19-F8AE-4DA9-891D-247F07D57605",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "E38B943A-B167-4EAD-9308-47FF525BE57A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "6766965C-2991-4559-975B-9E864DF8F10D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "E6CD7403-23C7-488F-84EC-1F0C675E87D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "A0033893-4CA9-41F4-8FF0-3BE20F5BE1C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:hibernate_validator:6.1.0:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "EEB7C69E-FA13-43AB-89AD-FE1E4687E02A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:fuse:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "077732DB-F5F3-4E9C-9AC0-8142AB85B32F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_data_grid:-:*:*:*:text-only:*:*:*",
              "matchCriteriaId": "2BF03A52-4068-47EA-8846-1E5FB708CE1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:-:*:*:*:text-only:*:*:*",
              "matchCriteriaId": "B8423D7F-3A8F-4AD8-BF51-245C9D8DD816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_application_runtimes:-:*:*:*:text-only:*:*:*",
              "matchCriteriaId": "ADB40F59-CAAE-47D6-850C-12619D8D5B34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:single_sign-on:-:*:*:*:text-only:*:*:*",
              "matchCriteriaId": "341E6313-20D5-44CB-9719-B20585DC5AD6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
              "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "DC01D8F3-291A-44E5-99C1-6771F6656E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:netapp:element:-:*:*:*:*:vcenter_server:*:*",
              "matchCriteriaId": "5E1DE4F5-9094-4C73-AA1B-5C902F38DD24",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEAFEDC-2D0F-4A5F-99A0-BD41DD6DC017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:access_manager:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A287FA5D-D7D9-40B4-8DB2-1D7CE1808408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:access_manager:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "20EB3430-0FF2-4668-BB20-A5611ACC73F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "432BFCF5-A5DC-487C-A111-DE70AB3FCDAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_integration_pack:3.6:*:*:*:*:e-business_suite:*:*",
              "matchCriteriaId": "5B62CB3B-FDDF-4AFF-A47E-6ADE6504D451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06480458-3216-4C42-9270-F68A41EEC147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "480BF1CB-11D7-4D86-A99E-960F316F2E1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_express:21.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB124AD9-8000-449B-8219-0FF011F86B03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F84E5662-0289-4ED5-A112-BC506508216C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD312681-73A4-4B21-BDE8-50DED7E3E0CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC3D0C4E-0B40-4ACF-BD9E-104CC1D77521",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67940FD-3BA7-40A8-8E40-44B37D23E2DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE6EB4DE-33DA-4810-96BD-29C82B433714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_analytics:8.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C446826-EF5B-4937-ADB4-1102F9F39304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7FCB446-49A7-48B9-8808-E72A4E2E48C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E9B2F53-257E-49E2-83C3-0840BDB4D67C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CF34B1B-0FC0-4EA6-830D-D2191337D451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "09B79608-5D94-45C3-ADF0-B181B92C3014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F05D844-38BD-4EEB-AF91-E5ED18B1E7E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "25193811-46CE-4A0E-B22D-67BE99FAD450",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869D51B3-FB50-4BD6-8A0C-D0984267525F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "08B8F413-2000-493B-82B1-BEFE343BB8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "042269E6-D3B4-4867-86FA-9301FACA9FF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F834ACC-D65B-4CA3-91F1-415CBC6077E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "560F20E6-AEA1-4CE5-A393-C9B2CF334C5C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E60C0966-BF0D-4D18-B09B-5D0BB96DBFF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0FCD3BC-33D8-49D1-844B-6B9DE0CA4997",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "473749BD-267E-480F-8E7F-C762702DB66E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_managment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05E4EB25-7B7A-4A10-A535-8C7CA4D6FEB6",
              "versionEndIncluding": "2.4.0",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E502A46-BAF4-4558-BC8F-9F014A2FB26A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D0F559E-0790-461B-ACED-5B00F4D40893",
              "versionEndIncluding": "2.4.1",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD806C1-CC17-47BD-8BB0-9430C4253BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bi_publisher:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C83DA9A0-2EBC-4298-8412-1A7C4DC88C2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC56004-4497-4CDD-AE76-5E3DFAE170F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:23.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BEF828F5-C666-40DA-98DD-CDF658D7090B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8461A2-428C-4817-92A9-0C671545698D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:5.9.0.0.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B602F9E8-1580-436C-A26D-6E6F8121A583",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B2CEA84-0983-4C40-B923-99244ABCF32D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FD798A8-38B7-42C1-9043-863D16CE7ACA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F012E976-E219-46C2-8177-60ED859594BE",
              "versionEndIncluding": "11.3.2",
              "versionStartIncluding": "11.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "787E2C1B-9BAD-4018-8495-E9BE75628BB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0111372-B39F-4B3D-8136-44C2C1CFD12B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B465F237-0271-4389-8035-89C07A52350D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A9E4125-B744-4A9D-BFE6-5D82939958FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "261212BD-125A-487F-97E8-A9587935DFE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4063FAD6-21D4-42C7-87C0-D299532E0982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E8A8C3-253A-4BDD-9AD2-4445DC387B4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98FB24DB-AF91-48D0-9CA5-C8250D183FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868E7C46-7E45-4CFA-8A25-7CBFED912096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC12B43F-30F6-4B05-AB3A-E91D8404D5A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D423B62-8EFE-4EFD-A986-5F5ECE5B892F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E463039-5E48-4AA0-A42B-081053FA0111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAEB09CA-9352-43CD-AF66-92BE416E039C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45E5C9B0-AB25-4744-88E4-FD0C4A853001",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A442DA9E-FF9A-4C51-9D3E-68D09C8BB472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A276784-877B-4A29-A8F1-70518A438A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "59275C23-53C0-4890-A941-A71226B50CFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0535B116-57D6-4448-86A2-09BCE50894B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0172500D-DE51-44E0-91E8-C8F36617C1F8",
              "versionEndIncluding": "12.0.4.0.0",
              "versionStartIncluding": "12.0.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99E7D49-AE53-4D16-AB24-EBEAAD084289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69C215AB-25B4-47A6-AD6A-A60D2C0FF72F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E77E48F-1521-4C89-A5D0-A7F0A8D21AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F88A2F3-E201-4C68-8D11-0A5C76CDB071",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD877F8-E6EF-4314-AAC0-36F81F4908DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D7356B6-E197-4978-BF18-2CFD4D350A76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "93BE4838-1144-4A6A-ABDB-F2766E64C91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B54457C-8305-4F82-BE1E-DBA030A8E676",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C756C62B-E655-4770-8E85-B1995889E416",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "93F65B4C-59D5-450A-9955-7FDA32252B0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67AA54B-258D-4D09-9ACB-4085E0B3E585",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_route:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6BD600E-F3E9-40CE-9414-1D4506ACC1D8",
              "versionEndIncluding": "8.5.1.0",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "95A3E946-BBD5-4BCB-B864-FB3BF5DE56D0",
              "versionEndIncluding": "16.4",
              "versionStartIncluding": "16.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "64BCB9E3-883D-4C1F-9785-2E182BA47B5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26940103-F37C-4FBD-BDFD-528A497209D6",
              "versionEndIncluding": "12.0.4.0.0",
              "versionStartIncluding": "12.0.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A23B00C1-878A-4B55-B87B-EFFFA6A5E622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F545DFC9-F331-4E1D-BACB-3D26873E5858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBE1A019-7BB6-4226-8AC4-9D6927ADAEFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B98BAEB2-A540-4E8A-A946-C4331B913AFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8FBE260-E306-4215-80C0-D2D27CA43E0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6235EAE-47DD-4292-9941-6FF8D0A83843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C416FD3-2E2F-4BBC-BD5F-F896825883F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D886339E-EDB2-4879-BD54-1800E4CA9CAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EBC7EB1-FD72-4BFC-92CC-7C8B8E462D7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6814B606-D054-433C-A46E-0F6E338E1C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F05AF4B-A747-4314-95AE-F8495479AB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:12.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A7D10EB-D98F-4B80-AB9F-D8A9FC813E1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:12.1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F3D40B7-925C-413D-AFF3-60BF330D5BC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:19c:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2204841-585F-40C7-A1D9-C34E612808CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:21c:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB96A21-161F-42A9-9402-FABEC9C0C15A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "132DE874-6E47-452A-9FDD-27D5A41F046E",
              "versionEndIncluding": "12.2.11",
              "versionStartIncluding": "12.2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "135D531C-A692-4BE3-AB8C-37BB0D35559A",
              "versionEndIncluding": "12.6.4",
              "versionStartIncluding": "12.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:e-business_suite:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E6DF81E-E392-49E5-ADF4-510A3737A5CE",
              "versionEndIncluding": "12.2.11",
              "versionStartIncluding": "12.2.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE83BC6-5A6F-40A1-AAC7-314A575D8E07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36CF85A9-2C29-46E7-961E-8ADD0B5822CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80555C7-DA1C-472C-9467-19554DCE4476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A4E206-56C7-4578-AC9C-088B0C8D9CFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C78A7E07-AB08-46C5-942D-B40BBE0C0D06",
              "versionEndExcluding": "11.1.2.4.47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3197F464-F0A5-4BD4-9068-65CD448D8F4C",
              "versionEndExcluding": "21.3",
              "versionStartIncluding": "21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:essbase:11.1.2.4.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "809FD6D6-D05D-4387-A725-F707015DEFBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:essbase_administration_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A093A76C-4B2C-4FAD-BFDF-09862F831102",
              "versionEndExcluding": "11.1.2.4.47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:essbase_administration_services:11.1.2.4.47:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A1277A9-C49C-4840-A118-986C10A07657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C",
              "versionEndIncluding": "8.1.1",
              "versionStartIncluding": "8.0.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:7.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "03B9F810-EF80-4551-BA6D-027B0B2A787D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "47B0A947-E4C8-4C04-AD3B-950E59DF7A0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AC36036-07CE-4903-8FFB-445C6908F0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "435FDFA1-BF6A-499D-BDB6-88A26648DFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB3F3F63-9543-4568-BCB1-1CAF88384142",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC0C4CA4-1694-474E-8272-CF96E168D962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "93E953D0-9C0C-4B03-9939-384A1F7E2BC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "767CC73D-2771-4BBC-9D74-4416AEC6BB2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D33B68C6-2A4E-418C-A2BD-43A3CC5D1003",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE3EA23-045D-474C-ABD8-916930D4E9E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8FD060-E9A8-499C-87B0-AF7BBED7771F",
              "versionEndIncluding": "8.1.1",
              "versionStartIncluding": "8.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "10BBAD37-51A1-4819-807B-2642E9D4A69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "524429D6-8AF1-4713-A9B8-678B50A3762F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED21B958-0FD0-4697-9CE2-266DEE4E29DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2177A5E9-B260-499E-8D60-920679518425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA86EF7E-6162-4244-9C88-7AF5CAB787E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE5EA810-3110-4343-9054-0FCFCD608C25",
              "versionEndExcluding": "12.3.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "78A48EA9-1CAB-4DD2-9DAD-0213F6EFC48C",
              "versionEndExcluding": "19.1.0.0.220118",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71050E24-6915-4B5E-98ED-AFAA6C2FF38B",
              "versionEndExcluding": "21.5.0.0.220118",
              "versionStartIncluding": "21.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:20.3.4:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "9F300E13-1B40-4B35-ACA5-4D402CD41055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graalvm:21.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B10E38A6-783C-45A2-98A1-12FA1EB3D3AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29312DB7-AFD2-459E-A166-95437ABED12C",
              "versionEndExcluding": "21.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E45ADE3-2A3D-4FCA-BCDF-D0CC6CE0A23C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB8797ED-52E7-47B6-9F78-E2402671CCAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C10FBE-FD9A-4739-9303-5B6FC7551D66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF45C905-9EFF-4108-9B70-9FFDDD6627A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C673C4-A825-46C0-816B-103E1C058D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA92E70A-2249-4144-B0B8-35501159ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F88FB6C5-D797-4017-A285-D3BB24B55429",
              "versionEndIncluding": "7.3.0.2",
              "versionStartIncluding": "7.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D747A956-40A6-47D8-A813-FA4E13CB557F",
              "versionEndIncluding": "8.0.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E67501BE-206A-49FD-8CBA-22935DF917F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F04B1BA-EA84-4AA3-B208-DECC33E192EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "523391D8-CB84-4EBD-B337-6A99F52E537F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F5B430-8BA1-4865-93B5-0DE89F424B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_opera_5_property_services:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0C177E1-66B8-4AB7-A3F0-B6CCDCC28F75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBDA65DE-5727-49DC-8D50-DA81DB3E8841",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A577DCD3-6730-441A-B3BD-6199483FB1E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "577A07A9-DBB1-49E6-B2CC-60B917097472",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7E9060-BA5B-4682-AC0D-EE5105AD0332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_financial_management:11.1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "49706536-CE9B-4713-8460-CC961B50C341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_financial_management:11.2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F77F79-5E93-4FC2-84F2-26AF52B4C08A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_ilearning:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "781049BF-3467-4DB5-89D4-6A76984E0261",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_ilearning:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "058F9FC3-CA81-43BF-B083-DA8BE388E00A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C13DE5-CA3C-414F-8813-BB0847433151",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4EE554-DFE7-4C16-BC98-574DC97FC85C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE4160ED-75F2-4499-AC6C-90CD092A46E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F03BFDA-6904-42D7-8170-D6FD143BB16C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "32EE6974-6E2E-4DE8-9F2B-8FE0FCEFECFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C85900AC-11DA-4FA8-A1E0-270240BF4B0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87B4051B-EB98-4D10-99D9-F15B44DBC7F0",
              "versionEndIncluding": "5.6.0",
              "versionStartIncluding": "5.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "428D2B1D-CFFD-49D1-BC05-2D85D22004DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00C9E689-ED91-4A9D-B9C0-5BF4EC131409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EFA1879-0BF9-4493-9145-15100BC38C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF958C28-4289-4433-8CD9-B6551F01926F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48261B54-471D-4C03-AFF9-6F2EA8FA8EBB",
              "versionEndIncluding": "11.3.0",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEAB5CD-4223-4A43-AB9E-486113827A6C",
              "versionEndIncluding": "11.3.0",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B51896-E4DA-4FDA-979F-481FFB3E588A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:7u321:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F0BF15F-D4D2-4A88-BA15-79B624C4AC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:8u311:*:*:*:*:*:*:*",
              "matchCriteriaId": "D63E2911-7DA8-41AC-AB7A-1AA29076F69F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:java_se:17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "674AFFA3-E9BA-4AFD-9A73-2A4A9DE427E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D65139-BB80-4713-8E59-6CA1116DCC1D",
              "versionEndExcluding": "9.2.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdk:11.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F43D86-B696-41E4-A288-6A2D43A1774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC7290F2-AF21-49B9-B3EF-869B7DE1A2AC",
              "versionEndExcluding": "7.4.34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00D3ECDE-287B-4336-898A-0DFEBE2AB6C3",
              "versionEndExcluding": "7.5.24",
              "versionStartIncluding": "7.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "105CBFD5-20DF-4BF0-9629-B87AF404E33D",
              "versionEndExcluding": "7.6.20",
              "versionStartIncluding": "7.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_cluster:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E248F8CE-5B39-457D-A47E-620858340840",
              "versionEndExcluding": "8.0.27",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CD3AAAD-5F6E-4A3C-9CFC-EC4866628ABD",
              "versionEndExcluding": "8.0.27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_connectors:8.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E1912FB-8ABF-4640-92E7-367A4923267C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C9E5736-6015-499E-A452-227DCFB87DA7",
              "versionEndExcluding": "5.7.36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2B0D740-75B1-4953-A99F-965F999FDC64",
              "versionEndExcluding": "8.0.27",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:5.7.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3F3390B-4081-473F-A5E0-B5E3A3888F04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C56CECB-6B97-406C-8761-8B7F74CA7DEF",
              "versionEndExcluding": "8.0.27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:nosql_database:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7167D144-C4AE-487F-B59A-888E10EA59DF",
              "versionEndExcluding": "21.1.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CB79ED-A93E-4CBD-BCDD-82C5A00B373B",
              "versionEndExcluding": "2.12.42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4859861-C2EC-489F-A3B7-ACF85C709C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_cs_sa_integration_pack:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "247C0D05-C76B-44BC-8750-C716FF980D70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2CB2872-747C-47AC-8463-DD759BF105B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DBC53C9-75EC-46F7-907D-63BB74864CD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_people_tools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "D370F2E3-EF8A-440C-8319-D52FA3431428",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47057A9-2DDE-4178-B140-F7D70EAED8F6",
              "versionEndIncluding": "12.2.24",
              "versionStartIncluding": "12.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8B3B57-73D6-4402-987F-8AE723D52F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA9948AB-0CA6-4148-949C-E500466B45F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56D17905-5E69-4BD5-973B-30662AC3D678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70E72A74-F6A9-48EE-9279-3D9E53C2EC30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14C6AB5-CC45-4753-A60F-1F527B063127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "583BBDF1-DBE4-486D-ABF8-7D2B0408490A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9810151-6F80-48FD-A51E-F063EB2B7324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5",
              "versionEndIncluding": "18.8.13",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A",
              "versionEndIncluding": "19.12.12",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
              "versionEndIncluding": "20.12.7",
              "versionStartIncluding": "20.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAB9BA0D-7149-4221-A5AE-D4664E11C86F",
              "versionEndIncluding": "17.12.0.0-17.12.20.0",
              "versionStartIncluding": "17.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE4EAC8-A743-4658-AD72-088A5E747180",
              "versionEndIncluding": "18.8.24.0",
              "versionStartIncluding": "18.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981",
              "versionEndIncluding": "19.12.18.0",
              "versionStartIncluding": "19.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD",
              "versionEndIncluding": "20.12.12.0",
              "versionStartIncluding": "20.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E867F5E0-48A0-4D84-A0CA-A428FB2264D4",
              "versionEndIncluding": "17.12.20.0",
              "versionStartIncluding": "17.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05B3FCDE-7EF8-49CA-9C09-9033E5D7B91E",
              "versionEndIncluding": "18.8.24.0",
              "versionStartIncluding": "18.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "05848067-59FF-4C90-A8BA-D1E4311B3A82",
              "versionEndIncluding": "19.12.17.0",
              "versionStartIncluding": "19.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC6AD8C8-96ED-4CFB-9953-99139FABCE35",
              "versionEndIncluding": "20.12.9.0",
              "versionStartIncluding": "20.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67F218D-E827-482B-8417-483713F31D69",
              "versionEndIncluding": "18.0.3.0",
              "versionStartIncluding": "18.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ADB354B-AD0D-4EFA-B7C6-71A35FA0AFF9",
              "versionEndIncluding": "19.0.1.2",
              "versionStartIncluding": "19.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "53B3B01A-532C-45B7-9BFC-19AABF55644B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_portfolio_management:20.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "683ABA64-9F16-4C23-8AF3-BB0C19FED9B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE004F32-F4DA-45A8-AD11-8924C4F1076A",
              "versionEndIncluding": "12.2.11",
              "versionStartIncluding": "12.2.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C914A8CA-352B-4B02-8A2F-D5A6EC04AF53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CADD7026-EF85-40A5-8563-7A34C6941B1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F019E8-F68D-41B5-9480-0A81616F2E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:21.2.4:*:*:*:-:*:*:*",
              "matchCriteriaId": "12F5FDCF-EA13-44F1-B3D8-94310CD3841C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_allocation:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51E83F05-B691-4450-BCA9-32209AEC4F6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_allocation:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "288235F9-2F9E-469A-BE14-9089D0782875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_allocation:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6672F9C1-DA04-47F1-B699-C171511ACE38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_allocation:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11E57939-A543-44F7-942A-88690E39EABA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90D4D479-0294-4F31-B719-8544C8DC4554",
              "versionEndIncluding": "16.0.2",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08DF20EA-D1A6-4437-90F6-C0C40273CE5B",
              "versionEndIncluding": "16.0.2",
              "versionStartIncluding": "16.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92BB355-DB00-438E-84E5-8EC007009576",
              "versionEndIncluding": "19.0",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3796186-D3A7-4259-846B-165AD9CEB7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDA5540-692D-47DA-9F68-83158D9AE628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5435583-C454-4AC9-8A35-D2D30EB252EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2140357-503A-4D2A-A099-CFA4DC649E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F6FD19-A314-4A1F-96CB-6DB1CED79430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A921C710-1C59-429F-B985-67C0DBFD695E",
              "versionEndIncluding": "16.0.3",
              "versionStartIncluding": "16.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "40AABFD3-1D0D-4C6B-BA9A-9DA70241B51C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EEF867A-587A-45E1-B2F6-0B903903F0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDF4CB0-4680-449A-8576-915721D59500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0472632-4104-4397-B619-C4E86A748465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B5DC78-1C24-4F2B-A254-D833FAF47013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "274999E6-18ED-46F0-8CF2-56374B3DF174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "9002379B-4FDA-44F3-98EB-0C9B6083E429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*",
              "matchCriteriaId": "476B038D-7F60-482D-87AD-B58BEA35558E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB86C644-7B79-4F87-A06D-C178E8C2B8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C19C5CC9-544A-4E4D-8F0A-579BB5270F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E1A9B0C-735A-40B4-901C-663CF5162E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B956113-5B3B-436D-858B-8F29FB304364",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0DD7FAB-0E0F-4319-95BF-C90881CE2E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC456422-00B5-498E-A28E-EA834367D943",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFC5F424-119D-4C66-8251-E735EEFBC0BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C745606-0EF8-4E57-BFBC-C3FB39CB7E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CE45891-A6A5-4699-90A6-6F49E60A7987",
              "versionEndIncluding": "16.0.3",
              "versionStartIncluding": "16.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "054F9E62-A6D6-4850-83AD-3628C74A4384",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D14A54A-4B04-41DE-B731-844D8AC3BE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74ACC94B-4A9F-451D-B639-6008A108BDDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "667A06DE-E173-406F-94DA-1FE64BCFAE18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8929B61-16EC-4FE0-98A5-1CC7CC7FD9CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_applications:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CA63BB4-27A9-4B26-B01C-1F527C7B9454",
              "versionEndExcluding": "21.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:spatial_studio:21.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D926BD38-E66E-41DA-9F65-40D68F8D8890",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E3B232-073E-433B-977A-1742B75109B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F6FDC33-D57E-4C6A-B633-BFC587147037",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3B01572-9D32-44B2-8FCF-C282C887DB51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "513AE97F-161C-43D2-B2D1-653125A9E920",
              "versionEndExcluding": "11.2.2.8.27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "34656ECE-15CB-495C-8573-7C98B383F15B",
              "versionEndExcluding": "21.1.1.1.0",
              "versionStartIncluding": "21.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
              "versionEndIncluding": "4.3.0.6.0",
              "versionStartIncluding": "4.3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5B4C338-11E1-4235-9D5A-960B2711AC39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C93F84E-9680-44EF-8656-D27440B51698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "91A2A4B0-88FC-41D1-8719-4FAABED19F8E",
              "versionEndExcluding": "6.1.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB85582D-0106-47F1-894F-0BC4FF0B5462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7569C0BD-16C1-441E-BAEB-840C94BE73EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
              "matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:fujitsu_m10-1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DB505EC-A54C-4033-B3A6-24CEF87A855D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:oracle:fujitsu_m10-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F63BFBA-A4D8-43D1-A13E-DEED6AEF596B",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:fujitsu_m10-4_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4A48DA6-C5A5-4B3D-B43B-31380223A55A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:oracle:fujitsu_m10-4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BB5347-D09D-4FC5-9F1C-7F3E036C18AD",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:fujitsu_m10-4s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB27AABE-079B-4DF0-ABEF-0D3329685B1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:oracle:fujitsu_m10-4s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "529D4274-F33B-47C7-A3FB-6F86096FD955",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:fujitsu_m12-1_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D2D622F-E345-4A4D-861F-6460DF56880C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:oracle:fujitsu_m12-1:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A534E662-66B7-448B-A763-6B043112C877",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:fujitsu_m12-2_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBEE0C8-CC99-4A25-9342-208D4DB91AAD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:oracle:fujitsu_m12-2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "95541D18-5C33-49E9-924D-0B21162EC2C4",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:fujitsu_m12-2s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE5C60CD-F890-4E3F-A2C3-9153591E7647",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:oracle:fujitsu_m12-2s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22FD4F61-0A4F-4C74-A852-B1CD3639E1D8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad fue encontrada en Hibernate-Validator. La anotaci\u00f3n del validador SafeHtml no puede sanear apropiadamente las cargas \u00fatiles que consisten en c\u00f3digo potencialmente malicioso en los comentarios e instrucciones HTML. Esta vulnerabilidad puede resultar en un ataque de tipo XSS."
    }
  ],
  "id": "CVE-2019-10219",
  "lastModified": "2024-11-21T04:18:40.947",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-11-08T15:15:11.157",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0159"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0160"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0161"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0164"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0445"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0159"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0160"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0161"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-10 14:10
Modified
2024-11-21 05:49
Summary
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40A4C428-885A-4230-B690-497F5A529523",
              "versionEndIncluding": "5.2.18",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B362C053-E88C-4118-96C3-F6C8C1DE5948",
              "versionEndIncluding": "5.3.13",
              "versionStartIncluding": "5.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase."
    },
    {
      "lang": "es",
      "value": "En Spring Framework versiones 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, y en las versiones anteriores no soportadas, es posible que un usuario proporcione una entrada maliciosa que cause una inserci\u00f3n de entradas de registro adicionales. Se trata de un seguimiento de CVE-2021-22096 que protege contra tipos adicionales de entrada y en m\u00e1s lugares de la base de c\u00f3digo de Spring Framework"
    }
  ],
  "id": "CVE-2021-22060",
  "lastModified": "2024-11-21T05:49:31.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T14:10:16.680",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2021-22060"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2021-22060"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-01-10 14:10
Modified
2024-11-21 05:50
Summary
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:google:google-protobuf:*:*:*:*:*:ruby:*:*",
              "matchCriteriaId": "01422CF6-13DE-42DF-A6FF-67E70D40DE6E",
              "versionEndExcluding": "3.19.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CAAA7EA-1EE1-433E-939A-B25BDE08FF22",
              "versionEndExcluding": "3.16.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBBE87EA-F13D-4A0A-AF42-A361AB4F6611",
              "versionEndExcluding": "3.18.2",
              "versionStartIncluding": "3.18.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-java:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5707A6F9-0CEC-4CAA-B860-EBFA2D525B64",
              "versionEndExcluding": "3.19.2",
              "versionStartIncluding": "3.19.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A252BD12-1555-4E89-B671-D459D3F149E0",
              "versionEndExcluding": "3.18.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:google:protobuf-kotlin:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "329F610C-F8CB-4009-B3A2-D0CB7FDDCB28",
              "versionEndExcluding": "3.19.2",
              "versionStartIncluding": "3.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:spatial_and_graph_mapviewer:19c:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5291552-F823-48E6-B9D8-E94740C4CEFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:spatial_and_graph_mapviewer:21c:*:*:*:*:*:*:*",
              "matchCriteriaId": "051613BE-6E8E-4865-8DA5-24352E9B9AD0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions."
    },
    {
      "lang": "es",
      "value": "Un problema en protobuf-java permit\u00eda intercalar campos com.google.protobuf.UnknownFieldSet de tal manera que eran procesados fuera de orden. Una peque\u00f1a carga \u00fatil maliciosa puede ocupar el analizador durante varios minutos al crear un gran n\u00famero de objetos de corta duraci\u00f3n que causan frecuentes y repetidas pausas. Recomendamos actualizar las bibliotecas m\u00e1s all\u00e1 de las versiones vulnerables"
    }
  ],
  "id": "CVE-2021-22569",
  "lastModified": "2024-11-21T05:50:20.647",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "cve-coordination@google.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-01-10T14:10:16.747",
  "references": [
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/01/12/4"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/01/12/7"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cloud.google.com/support/bulletins#gcp-2022-001"
    },
    {
      "source": "cve-coordination@google.com",
      "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
    },
    {
      "source": "cve-coordination@google.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/01/12/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2022/01/12/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://cloud.google.com/support/bulletins#gcp-2022-001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "cve-coordination@google.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-696"
        }
      ],
      "source": "cve-coordination@google.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-26 17:15
Modified
2024-11-21 05:46
Summary
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDB9A229-3B62-487E-B31D-580445DAFE8D",
              "versionEndIncluding": "4.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D115261-69F8-4854-B5DE-656858132B62",
              "versionEndExcluding": "1.13.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un fallo en RESTEasy en todas las versiones de RESTEasy hasta 4.6.0.Final.\u0026#xa0;Los nombres de m\u00e9todos y clases de endpoint son devueltos como parte de la respuesta de excepci\u00f3n cuando RESTEasy no puede convertir uno de los valores de consulta o ruta del URI de petici\u00f3n a el valor del par\u00e1metro de m\u00e9todo del recurso JAX-RS correspondiente.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad de los datos."
    }
  ],
  "id": "CVE-2021-20289",
  "lastModified": "2024-11-21T05:46:17.387",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-26T17:15:13.217",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-209"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-11 07:15
Modified
2024-11-21 05:29
Summary
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2816Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2022/05/msg00001.htmlExploit, Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2022/11/msg00035.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20220506-0004/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2022/dsa-5283Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2816Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/05/msg00001.htmlExploit, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/11/msg00035.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220506-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5283Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
oracle big_data_spatial_and_graph *
oracle coherence 14.1.1.0.0
oracle commerce_platform 11.3.0
oracle commerce_platform 11.3.1
oracle commerce_platform 11.3.2
oracle communications_billing_and_revenue_management *
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle communications_cloud_native_core_console 1.9.0
oracle communications_cloud_native_core_network_repository_function 22.1.2
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.1
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
oracle communications_cloud_native_core_service_communication_proxy 22.2.0
oracle communications_cloud_native_core_unified_data_repository 22.2.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_analytical_applications_infrastructure 8.1.1.0
oracle financial_services_analytical_applications_infrastructure 8.1.2.0
oracle financial_services_analytical_applications_infrastructure 8.1.2.1
oracle financial_services_behavior_detection_platform *
oracle financial_services_behavior_detection_platform 8.0.7.0.0
oracle financial_services_behavior_detection_platform 8.0.8
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle financial_services_enterprise_case_management *
oracle financial_services_enterprise_case_management 8.0.7.1
oracle financial_services_enterprise_case_management 8.0.7.2
oracle financial_services_enterprise_case_management 8.0.8.0
oracle financial_services_enterprise_case_management 8.0.8.1
oracle financial_services_trade-based_anti_money_laundering 8.0.7
oracle financial_services_trade-based_anti_money_laundering 8.0.8
oracle global_lifecycle_management_nextgen_oui_framework *
oracle global_lifecycle_management_nextgen_oui_framework 13.9.4.2.2
oracle global_lifecycle_management_opatch *
oracle graph_server_and_client *
oracle health_sciences_empirica_signal 9.1.0.5.2
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_unifier *
oracle primavera_unifier 18.0
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle retail_sales_audit 15.0.3.1
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1
oracle spatial_studio *
oracle utilities_framework 4.3.0.5.0
oracle utilities_framework 4.3.0.6.0
oracle utilities_framework 4.4.0.0.0
oracle utilities_framework 4.4.0.2.0
oracle utilities_framework 4.4.0.3.0
oracle utilities_framework 4.4.0.5.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp cloud_insights_acquisition_unit -
netapp oncommand_insight -
netapp oncommand_workflow_automation -
netapp snap_creator_framework -



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4445932-0923-4D28-8911-CFC9B61DFE2B",
              "versionEndExcluding": "2.12.6.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "862ED616-15D6-42A2-88DB-9D3F304EFB5D",
              "versionEndExcluding": "2.13.2.1",
              "versionStartIncluding": "2.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "384DEDD9-CB26-4306-99D8-83068A9B23ED",
              "versionEndExcluding": "23.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "57DA1DD8-E9F1-43C6-BCA2-1E9C92B1664C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "869CDD22-4A6C-4665-AA37-E340B07EF81C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCE2010E-A144-4ED2-B73D-1CA3800A8F71",
              "versionEndIncluding": "12.0.0.6.0",
              "versionStartIncluding": "12.0.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A264E0DE-209D-49B1-8B26-51AB8BBC97F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F4637E5-3324-441D-94E9-C2DBE9A6B502",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4E817B5-A26B-4EA8-BA93-F87F42114FF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74810125-09E6-4F27-B541-AFB61112AC56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69F21EC6-EC2F-4E96-A9DE-621B84105304",
              "versionEndIncluding": "8.1.0.0",
              "versionStartIncluding": "8.0.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC69CF0-6269-40F5-871B-16CFD5EC4C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB82398-7281-47CF-81F9-A8A67D9C9DFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD9AC3A6-9B91-4B55-A320-A40E95F21058",
              "versionEndIncluding": "8.1.2.1",
              "versionStartIncluding": "8.1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9319627-379D-4069-8AC9-512D411F22DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AC36036-07CE-4903-8FFB-445C6908F0CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F77FFB-558E-4740-A63E-B702EE12EF68",
              "versionEndIncluding": "8.1.2.1",
              "versionStartIncluding": "8.1.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C64D669C-513E-4C53-8BB8-13EB336CDC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4BDDBCD-4038-4BEC-91DB-587C2FBC6369",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6394E90-2F2C-4955-9F97-BFED76D4333B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B5DC0C1-789B-4126-8C6D-DEDE83AA2D2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "10BBAD37-51A1-4819-807B-2642E9D4A69C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE85204F-614D-4EF1-ABEB-B3CD381C2CB0",
              "versionEndExcluding": "13.9.4.2.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_nextgen_oui_framework:13.9.4.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A6FFB5C-EB44-499F-BE81-24ED2B1F201A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F0728F8-14D0-4282-9CA7-EFCD68EE77AF",
              "versionEndExcluding": "12.2.0.1.30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "097A31AB-B77F-4DC5-9CD8-AC3A403607AA",
              "versionEndExcluding": "22.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "42F4D251-489F-41C8-BFA3-B51A1B69028D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04DF183-EBCB-456E-90F9-A8500E6E32B7",
              "versionEndIncluding": "18.8.14",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D30B0D1-4466-4601-8822-CE8ADBB381FB",
              "versionEndIncluding": "19.12.13",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "17DE4709-5FFB-4E70-9416-553D89149D51",
              "versionEndIncluding": "20.12.18",
              "versionStartIncluding": "20.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2982311E-B89A-4F9A-8BD2-44635DDDC10B",
              "versionEndIncluding": "21.12.1",
              "versionStartIncluding": "21.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "050C3F61-FD74-4B62-BBC7-FFF05B22FB34",
              "versionEndIncluding": "17.12.20.4",
              "versionStartIncluding": "17.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD0A17FC-BFA9-4EA5-8D4F-1CEC5BC11AA7",
              "versionEndIncluding": "18.8.25.4",
              "versionStartIncluding": "18.8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BC6277C-7C2F-49E1-8A68-4C726A087F74",
              "versionEndIncluding": "19.12.19.0",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C383F1DE-32E0-4E77-9C5F-2D91893F458E",
              "versionEndIncluding": "21.12.4.0",
              "versionStartIncluding": "20.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AFBEE29-1972-40B1-ADD6-536D5C74D4EA",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "951EC479-1B04-49C9-8381-D849685E7517",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B32D7B0-CAE2-4B31-94C4-6124356C12B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E244A7B-EB39-4A84-BB01-EB09037A701F",
              "versionEndExcluding": "20.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5BBA303-8D2B-48C5-B52A-4E192166699C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.3.0.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF02546-3F0D-4FDD-89B1-8A3FE43FB5BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4DAAD73-FE86-4934-AB1A-A60E840C6C1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
              "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_insights_acquisition_unit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCAA4004-9319-478C-9D55-0E8307F872F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects."
    },
    {
      "lang": "es",
      "value": "jackson-databind versiones anteriores a 2.13.0, permite una excepci\u00f3n Java StackOverflow y una denegaci\u00f3n de servicio por medio de una gran profundidad de objetos anidados"
    }
  ],
  "id": "CVE-2020-36518",
  "lastModified": "2024-11-21T05:29:44.297",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-11T07:15:07.800",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2816"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5283"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2816"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5283"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-03-03 22:15
Modified
2024-11-21 06:47
Severity ?
Summary
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.



{
  "cisaActionDue": "2022-06-06",
  "cisaExploitAdd": "2022-05-16",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "VMware Spring Cloud Gateway Code Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_cloud_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED6E19AB-5568-4296-99CD-DC54EC30E518",
              "versionEndExcluding": "3.0.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_cloud_gateway:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "71D24F3E-9DA8-491B-841F-BDF95B8000B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2BC68D-C8B2-4C8B-9426-21F00CBDD873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A264E0DE-209D-49B1-8B26-51AB8BBC97F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host."
    },
    {
      "lang": "es",
      "value": "En spring cloud gateway versiones anteriores a 3.1.1+ y a 3.0.7+ , las aplicaciones son vulnerables a un ataque de inyecci\u00f3n de c\u00f3digo cuando el endpoint del Actuador de la Puerta de Enlace est\u00e1 habilitado, expuesto y sin seguridad. Un atacante remoto podr\u00eda realizar una petici\u00f3n maliciosamente dise\u00f1ada que podr\u00eda permitir una ejecuci\u00f3n remota arbitraria en el host remoto"
    }
  ],
  "id": "CVE-2022-22947",
  "lastModified": "2024-11-21T06:47:39.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 10.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-03-03T22:15:08.673",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22947"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-12-18 12:15
Modified
2024-11-21 06:31
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/19/1Mailing List, Mitigation, Third Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfThird Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdfThird Party Advisory
security@apache.orghttps://logging.apache.org/log4j/2.x/security.htmlRelease Notes, Vendor Advisory
security@apache.orghttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20211218-0001/Third Party Advisory
security@apache.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
security@apache.orghttps://www.debian.org/security/2021/dsa-5024Third Party Advisory
security@apache.orghttps://www.kb.cert.org/vuls/id/930724Third Party Advisory, US Government Resource
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
security@apache.orghttps://www.zerodayinitiative.com/advisories/ZDI-21-1541/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/19/1Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://logging.apache.org/log4j/2.x/security.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20211218-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-5024Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/930724Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-21-1541/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
apache log4j *
apache log4j *
apache log4j *
netapp cloud_manager -
debian debian_linux 10.0
debian debian_linux 11.0
sonicwall email_security *
sonicwall network_security_manager *
sonicwall network_security_manager *
sonicwall web_application_firewall *
sonicwall 6bk1602-0aa12-0tp0_firmware *
sonicwall 6bk1602-0aa12-0tp0 -
sonicwall 6bk1602-0aa22-0tp0_firmware *
sonicwall 6bk1602-0aa22-0tp0 -
sonicwall 6bk1602-0aa32-0tp0_firmware *
sonicwall 6bk1602-0aa32-0tp0 -
sonicwall 6bk1602-0aa42-0tp0_firmware *
sonicwall 6bk1602-0aa42-0tp0 -
sonicwall 6bk1602-0aa52-0tp0_firmware *
sonicwall 6bk1602-0aa52-0tp0 -
oracle agile_engineering_data_management 6.2.1.0
oracle agile_plm 9.3.6
oracle agile_plm_mcad_connector 3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_deposits_and_lines_of_credit_servicing 2.12.0
oracle banking_enterprise_default_management 2.7.1
oracle banking_enterprise_default_management 2.12.0
oracle banking_loans_servicing 2.12.0
oracle banking_party_management 2.7.0
oracle banking_payments 14.5
oracle banking_platform 2.6.2
oracle banking_platform 2.7.1
oracle banking_platform 2.12.0
oracle banking_trade_finance 14.5
oracle banking_treasury_management 14.5
oracle business_intelligence 5.5.0.0.0
oracle communications_asap 7.3
oracle communications_billing_and_revenue_management 12.0.0.4
oracle communications_billing_and_revenue_management 12.0.0.5
oracle communications_cloud_native_core_console 1.9.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_policy 1.15.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_convergence 3.0.2.2.0
oracle communications_convergence 3.0.3.0
oracle communications_convergent_charging_controller *
oracle communications_convergent_charging_controller 6.0.1.0.0
oracle communications_diameter_signaling_router *
oracle communications_eagle_element_management_system 46.6
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_interactive_session_recorder 6.3
oracle communications_interactive_session_recorder 6.4
oracle communications_ip_service_activator 7.4.0
oracle communications_messaging_server 8.1
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1.0.0
oracle communications_network_integrity 7.3.6
oracle communications_performance_intelligence_center 10.4.0.3
oracle communications_pricing_design_center 12.0.0.4
oracle communications_pricing_design_center 12.0.0.5
oracle communications_service_broker 6.2
oracle communications_services_gatekeeper 7.0
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle communications_unified_inventory_management 7.3.5
oracle communications_unified_inventory_management 7.4.1
oracle communications_unified_inventory_management 7.4.2
oracle communications_user_data_repository 12.4
oracle communications_webrtc_session_controller 7.2.0.0
oracle communications_webrtc_session_controller 7.2.1
oracle data_integrator 12.2.1.3.0
oracle data_integrator 12.2.1.4.0
oracle e-business_suite 12.2
oracle enterprise_manager_base_platform 13.4.0.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle enterprise_manager_for_peoplesoft 13.4.1.1
oracle enterprise_manager_for_peoplesoft 13.5.1.1
oracle enterprise_manager_ops_center 12.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_model_management_and_governance 8.0.8.0.0
oracle financial_services_model_management_and_governance 8.1.0.0.0
oracle financial_services_model_management_and_governance 8.1.1.0.0
oracle flexcube_universal_banking *
oracle flexcube_universal_banking *
oracle flexcube_universal_banking 11.83.3
oracle flexcube_universal_banking 14.5
oracle health_sciences_empirica_signal 9.1.0.6
oracle health_sciences_empirica_signal 9.2.0.0
oracle health_sciences_inform 6.2.1.1
oracle health_sciences_inform 6.3.2.1
oracle health_sciences_inform 7.0.0.0
oracle health_sciences_information_manager *
oracle healthcare_data_repository 8.1.1
oracle healthcare_foundation *
oracle healthcare_master_person_index 5.0.1
oracle healthcare_translational_research 4.1.0
oracle healthcare_translational_research 4.1.1
oracle hospitality_suite8 8.13.0
oracle hospitality_suite8 8.14.0
oracle hospitality_token_proxy_service 19.2
oracle hyperion_bi\+ *
oracle hyperion_data_relationship_management *
oracle hyperion_infrastructure_technology *
oracle hyperion_planning *
oracle hyperion_profitability_and_cost_management *
oracle hyperion_tax_provision *
oracle identity_management_suite 12.2.1.3.0
oracle identity_management_suite 12.2.1.4.0
oracle identity_manager_connector 9.1.0
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle insurance_data_gateway 1.0.1
oracle insurance_insbridge_rating_and_underwriting *
oracle insurance_insbridge_rating_and_underwriting 5.2.0
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
oracle jdeveloper 12.2.1.4.0
oracle managed_file_transfer 12.2.1.3.0
oracle managed_file_transfer 12.2.1.4.0
oracle management_cloud_engine 1.5.0
oracle mysql_enterprise_monitor *
oracle payment_interface 19.1
oracle payment_interface 20.3
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 21.12.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle retail_back_office 14.1
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0.2
oracle retail_customer_insights 16.0.2
oracle retail_data_extractor_for_merchandising 15.0.2
oracle retail_data_extractor_for_merchandising 16.0.2
oracle retail_eftlink 16.0.3
oracle retail_eftlink 17.0.2
oracle retail_eftlink 18.0.1
oracle retail_eftlink 19.0.1
oracle retail_eftlink 20.0.1
oracle retail_eftlink 21.0.0
oracle retail_financial_integration *
oracle retail_financial_integration 14.1.3.2
oracle retail_financial_integration 15.0.3.1
oracle retail_financial_integration 19.0.0
oracle retail_financial_integration 19.0.1
oracle retail_integration_bus *
oracle retail_integration_bus *
oracle retail_integration_bus 14.1.3
oracle retail_integration_bus 14.1.3.2
oracle retail_integration_bus 15.0.3.1
oracle retail_integration_bus 19.0.0
oracle retail_integration_bus 19.0.1
oracle retail_invoice_matching 15.0.3
oracle retail_invoice_matching 16.0.3
oracle retail_merchandising_system 16.0.3
oracle retail_merchandising_system 19.0.1
oracle retail_order_broker 16.0
oracle retail_order_broker 18.0
oracle retail_order_broker 19.1
oracle retail_order_management_system 19.5
oracle retail_point-of-service 14.1
oracle retail_predictive_application_server 14.1.3.46
oracle retail_predictive_application_server 15.0.3.115
oracle retail_predictive_application_server 16.0.3.240
oracle retail_price_management 13.2
oracle retail_price_management 14.0.4
oracle retail_price_management 14.1.3.0
oracle retail_price_management 15.0.3.0
oracle retail_price_management 16.0.3.0
oracle retail_returns_management 14.1
oracle retail_service_backbone *
oracle retail_service_backbone 14.1.3
oracle retail_service_backbone 14.1.3.2
oracle retail_service_backbone 15.0.3.1
oracle retail_service_backbone 19.0.0
oracle retail_service_backbone 19.0.1
oracle retail_service_backbone 19.0.1.0
oracle retail_store_inventory_management 14.0.4.13
oracle retail_store_inventory_management 14.1.3.5
oracle retail_store_inventory_management 14.1.3.14
oracle retail_store_inventory_management 15.0.3.3
oracle retail_store_inventory_management 15.0.3.8
oracle retail_store_inventory_management 16.0.3.7
oracle siebel_ui_framework *
oracle sql_developer *
oracle taleo_platform *
oracle utilities_framework *
oracle utilities_framework 4.4.0.0.0
oracle utilities_framework 4.4.0.2.0
oracle utilities_framework 4.4.0.3.0
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle webcenter_sites 12.2.1.3.0
oracle webcenter_sites 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42BCB94E-86D2-4B98-B9E6-5789F2272692",
              "versionEndExcluding": "2.3.1",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19DA22A8-0B29-4181-B44E-57D28D9DB331",
              "versionEndExcluding": "2.12.3",
              "versionStartIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E2AC03-D49B-4A15-BDA4-61DAF142CEED",
              "versionEndIncluding": "2.16.0",
              "versionStartIncluding": "2.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "421BCD43-8ECC-4B1E-9F3E-C20BB2BC672A",
              "versionEndIncluding": "10.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*",
              "matchCriteriaId": "1EA49667-8F94-4091-B9A9-A94318D83C24",
              "versionEndExcluding": "3.0",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*",
              "matchCriteriaId": "7C1B257C-9442-4C73-91CB-67893A78F0DF",
              "versionEndExcluding": "3.0",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1E667A-9CAA-4382-957A-E4F1A4960E0C",
              "versionEndExcluding": "3.1.0",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B407FBDB-7900-4F69-B745-809277F26050",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AF56AD-FBAF-4AB8-B04D-1E28BF10B767",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3103225-6440-43F4-9493-131878735B2A",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B3A0115-86AB-4677-A026-D99B971D9EF5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "914A44DE-C4AA-45A0-AC26-5FAAF576130E",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D1C62CF-414A-4670-9F19-C11A381DB830",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75359CC5-58A7-4B5A-B9BF-BDE59552EF1C",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "706A3F00-8489-4735-B09B-34528F7C556A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23D02B7-C9A7-4ED9-AE71-765F01ACA55C",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DCB171-E4C8-4472-8023-20992ABB9348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0C0714E-4255-4095-B26C-70EB193B8F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F834ACC-D65B-4CA3-91F1-415CBC6077E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "473749BD-267E-480F-8E7F-C762702DB66E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E502A46-BAF4-4558-BC8F-9F014A2FB26A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "633E5B20-A7A7-4346-A71D-58121B006D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64750C01-21AC-4947-B674-6690EAAAC5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B465F237-0271-4389-8035-89C07A52350D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "123CB9B5-C800-47FD-BD0C-BE44198E97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC452FA-D1D5-4175-9371-F6055818192E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0172500D-DE51-44E0-91E8-C8F36617C1F8",
              "versionEndIncluding": "12.0.4.0.0",
              "versionStartIncluding": "12.0.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99E7D49-AE53-4D16-AB24-EBEAAD084289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9550113-7423-48D8-A1C7-95D6AEE9B33C",
              "versionEndIncluding": "8.5.1.0",
              "versionStartIncluding": "8.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDD479D-9070-42E2-A8B1-9497BC4C0CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02712DD6-D944-4452-8015-000B9851D257",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26940103-F37C-4FBD-BDFD-528A497209D6",
              "versionEndIncluding": "12.0.4.0.0",
              "versionStartIncluding": "12.0.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E9A2B1-7562-4E6B-AE25-1B647F24EFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53600579-4542-4D80-A93C-3E45938C749D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6235EAE-47DD-4292-9941-6FF8D0A83843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "274BCA96-2E6A-4B77-B69E-E2093A668D28",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4B738B-08CF-44F6-A939-39F5BEAF03B2",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FAF2403-99A1-4DBC-BAC4-35D883D8E5D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4AA6214-A85D-4BF4-ABBF-0E4F8B7DA817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F05AF4B-A747-4314-95AE-F8495479AB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3C968F-4038-4A8D-A345-8CD3F73A653B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "615C7D0D-A9D5-43BA-AF61-373EC1095354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F772DC1-F93E-43A4-81DA-A2A1E204C5D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C",
              "versionEndIncluding": "8.1.1",
              "versionStartIncluding": "8.0.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F033C6C8-61D9-41ED-94E6-63BE7BA22EFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B829B72-7DE0-415F-A1AF-51637F134B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF8DC5FD-09DE-446F-879B-DB86C0CC95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0148D20-089E-4C19-8CA3-07598D8AFBF1",
              "versionEndIncluding": "12.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368",
              "versionEndIncluding": "14.3.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0017AE8C-DBCA-46B4-A036-DF0E289199D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "609645BF-B34F-40AC-B9C9-C3FB870F4ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "67013CB6-5FA6-438B-A131-5AEDEBC66723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC5F6E6-3515-439B-9665-3B6151CEF577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB4F0E6-3B36-4736-B2F2-CB2A16309F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E72CF27-6E5F-404E-B5DF-B470C99AF5E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BCEC65-25B7-480C-860C-9D97F78CCE3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AEA21E-0B11-44A5-8BFB-550521D8E0D5",
              "versionEndIncluding": "3.0.4",
              "versionStartIncluding": "3.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA92E70A-2249-4144-B0B8-35501159ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F69F8F6-BA2D-4DC6-BAB2-B9155F8B45CD",
              "versionEndIncluding": "7.3.0.4",
              "versionStartIncluding": "7.3.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10774601-93C3-4938-A3E7-3C3D97A6F73C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "523391D8-CB84-4EBD-B337-6A99F52E537F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A3C700-710A-4A0A-A2D4-ABB7AAC9B128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7E9060-BA5B-4682-AC0D-EE5105AD0332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7D45E2D-241B-4839-B255-A81107BF94BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C083F1E-8BF2-48C7-92FB-BD105905258E",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E11E28-78AA-42BB-927D-D22CBDDD62B9",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30927787-2815-4BEF-A7C2-960F92238303",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0ABD2DC-9357-4097-BE62-BB7A4988A01F",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8508EF23-43DC-431F-B410-FD0BA897C371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B85A426-5714-4CEA-8A97-720F882B2D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "604FBBC9-04DC-49D2-AB7A-6124256431AF",
              "versionEndIncluding": "5.6.0.0",
              "versionStartIncluding": "5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "428D2B1D-CFFD-49D1-BC05-2D85D22004DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F66C747-733F-46A1-9A6B-EEB1A1AEC45D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
              "versionEndIncluding": "8.0.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D01A0EC-3846-4A74-A174-3797078DC699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E5FCFB-093A-48E9-8A4E-34C993D2764E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5",
              "versionEndIncluding": "18.8.13",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A",
              "versionEndIncluding": "19.12.12",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
              "versionEndIncluding": "20.12.7",
              "versionStartIncluding": "20.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981",
              "versionEndIncluding": "19.12.18.0",
              "versionStartIncluding": "19.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD",
              "versionEndIncluding": "20.12.12.0",
              "versionStartIncluding": "20.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D1C35DF-D30D-42C8-B56D-C809609AB2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "834B4CE7-042E-489F-AE19-0EEA2C37E7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82653579-FF7D-4492-9CA2-B3DF6A708831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3796186-D3A7-4259-846B-165AD9CEB7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDA5540-692D-47DA-9F68-83158D9AE628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5435583-C454-4AC9-8A35-D2D30EB252EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2140357-503A-4D2A-A099-CFA4DC649E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B95628-F108-424A-8C19-40A5F5B7D37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E03B340-8C77-4DFA-8536-C57656E237D0",
              "versionEndIncluding": "16.0.3",
              "versionStartIncluding": "16.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7B0B33-2361-4CF5-8075-F609858A582E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A921C710-1C59-429F-B985-67C0DBFD695E",
              "versionEndIncluding": "16.0.3",
              "versionStartIncluding": "16.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9E458AF-0EEC-453E-AA9D-6C79211000AC",
              "versionEndIncluding": "19.0.1.0",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDF4CB0-4680-449A-8576-915721D59500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0472632-4104-4397-B619-C4E86A748465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B5DC78-1C24-4F2B-A254-D833FAF47013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "9002379B-4FDA-44F3-98EB-0C9B6083E429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*",
              "matchCriteriaId": "476B038D-7F60-482D-87AD-B58BEA35558E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB86C644-7B79-4F87-A06D-C178E8C2B8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C19C5CC9-544A-4E4D-8F0A-579BB5270F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E1A9B0C-735A-40B4-901C-663CF5162E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0791694C-9B4E-42EA-8F6C-899B43B6D769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "312992F0-E65A-4E38-A44C-363A7E157CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1940FD6-39FA-4F92-9625-F215D8051E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CE45891-A6A5-4699-90A6-6F49E60A7987",
              "versionEndIncluding": "16.0.3",
              "versionStartIncluding": "16.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7FCC976-615C-4DE5-9F50-1B25E9553962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D14A54A-4B04-41DE-B731-844D8AC3BE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D57F5CB-E566-450F-B7D7-DD771F7C746C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "88458537-6DE8-4D79-BC71-9D08883AD0C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E310654-0793-41CC-B049-C754AC31D016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C5B22C6-97AF-4D1B-84C9-987C6F62C401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD9AAE5-9472-49C6-B054-DB76BEB86D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A104FDBD-0B28-44EE-91A0-A0C8939865A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F",
              "versionEndIncluding": "21.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C470BAD-F7E2-4802-B1BE-E71EBB073DA1",
              "versionEndExcluding": "21.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1A18FB-85E6-4C5D-8F8A-12F86EDC6A2D",
              "versionEndExcluding": "22.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
              "versionEndIncluding": "4.3.0.6.0",
              "versionStartIncluding": "4.3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
    },
    {
      "lang": "es",
      "value": "Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no proteg\u00edan de la recursi\u00f3n no controlada de las b\u00fasquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegaci\u00f3n de servicio cuando es interpretada una cadena dise\u00f1ada. Este problema se ha corregido en Log4j versiones 2.17.0, 2.12.3 y 2.3.1"
    }
  ],
  "id": "CVE-2021-45105",
  "lastModified": "2024-11-21T06:31:58.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-18T12:15:07.433",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://logging.apache.org/log4j/2.x/security.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5024"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/930724"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://logging.apache.org/log4j/2.x/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/930724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2022-04-01 23:15
Modified
2024-11-21 06:47
Severity ?
Summary
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Impacted products
Vendor Product Version
vmware spring_cloud_function *
vmware spring_cloud_function *
oracle banking_branch 14.5
oracle banking_cash_management 14.5
oracle banking_corporate_lending_process_management 14.5
oracle banking_credit_facilities_process_management 14.5
oracle banking_electronic_data_exchange_for_corporates 14.5
oracle banking_liquidity_management 14.2
oracle banking_liquidity_management 14.5
oracle banking_origination 14.5
oracle banking_supply_chain_finance 14.5
oracle banking_trade_finance_process_management 14.5
oracle banking_virtual_account_management 14.5
oracle communications_cloud_native_core_automated_test_suite 1.9.0
oracle communications_cloud_native_core_automated_test_suite 22.1.0
oracle communications_cloud_native_core_console 1.9.0
oracle communications_cloud_native_core_console 22.1.0
oracle communications_cloud_native_core_network_exposure_function 22.1.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 22.1.2
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle communications_cloud_native_core_network_repository_function 22.1.0
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_network_slice_selection_function 22.1.0
oracle communications_cloud_native_core_policy 1.15.0
oracle communications_cloud_native_core_policy 22.1.0
oracle communications_cloud_native_core_policy 22.1.3
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_cloud_native_core_unified_data_repository 22.1.0
oracle communications_communications_policy_management 12.6.0.0.0
oracle financial_services_analytical_applications_infrastructure 8.1.1.0
oracle financial_services_analytical_applications_infrastructure 8.1.2.0
oracle financial_services_behavior_detection_platform 8.1.1.0
oracle financial_services_behavior_detection_platform 8.1.1.1
oracle financial_services_behavior_detection_platform 8.1.2.0
oracle financial_services_enterprise_case_management 8.1.1.0
oracle financial_services_enterprise_case_management 8.1.1.1
oracle financial_services_enterprise_case_management 8.1.2.0
oracle mysql_enterprise_monitor *
oracle product_lifecycle_analytics 3.6.1.0
oracle retail_xstore_point_of_service 20.0.1
oracle retail_xstore_point_of_service 21.0.0
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1



{
  "cisaActionDue": "2022-09-15",
  "cisaExploitAdd": "2022-08-25",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "VMware Tanzu Spring Cloud Function Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "905988BB-71EE-49CE-A73C-FBD4488299D2",
              "versionEndIncluding": "3.1.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_cloud_function:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "43C88657-BCAC-40EB-83EB-2FF70F9173A0",
              "versionEndIncluding": "3.2.2",
              "versionStartIncluding": "3.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_branch:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAE9DFCA-E0C2-420D-86D7-5593F12EE945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "626C6209-8BC3-4954-BF0C-51500582457E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EE231C5-8BF0-48F4-81EF-7186814664CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA5FF83-B693-4DAB-B585-0FD641266231",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_electronic_data_exchange_for_corporates:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6B6968A-9EB3-46B6-9BD4-735EFED3F869",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FC2BF9-B6D7-420E-9CF5-21AB770B9CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5A1417-2C59-431F-BF5C-A2BCFEBC95FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_origination:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D6889DD-D320-470C-BA94-165AC79A3AD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB3A29-0994-46F4-8093-B4A9CE0BD95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA4A9041-B9BC-451C-B1BD-4E2FD795BF27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2696CD1-9514-405D-A3B3-8308EC1FA571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4CA84D6-F312-4C29-A02B-050FCB7A902B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DF6C109-E3D3-431C-8101-2FF88763CF5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5BB2213-08E7-497F-B672-556FD682D122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_exposure_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E24426EE-6A3F-413E-A70A-FB98CCD007A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04E6C8E9-2024-496C-9BFD-4548A5B44E2E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:22.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E3221BB-E48E-4B28-B84F-C888EE802A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61A7946-F554-44A9-9E41-86114E4B4914",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6577F14-36B6-46A5-A1B1-FCCADA61A23B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0425918A-03F1-4541-BDEF-55B03E07E115",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B0C905A-EA99-4B4E-A350-7F6A63CD6EB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D235B299-9A0E-44FF-84F1-2FFBC070A21D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:22.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2E50B0-64B6-4696-9213-F5D9016058A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_communications_policy_management:12.6.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "570DB369-A31B-4108-A7FD-09F674129603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3CC69CF0-6269-40F5-871B-16CFD5EC4C45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "172BECE8-9626-4910-AAA1-A2FA9C7139E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4B3A10E-70A8-4332-8567-06AE2C45D3C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "059F0D4E-B007-4986-AB95-89F11147CB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CAC78AD-86BB-4F06-B8CF-8E1329987F2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44563108-AD89-49A0-9FA5-7DE5A5601D2C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA5DC3F-E7D8-45E3-8114-2213EC631CDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "078AEFC0-96DA-4F50-BE8E-8360718103A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
              "versionEndIncluding": "8.0.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0531C009-B395-4E94-A5F0-A89A152E706B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB16F34-D561-498F-A8C3-A24A47BCEBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources."
    },
    {
      "lang": "es",
      "value": "En Spring Cloud Function versiones 3.1.6, 3.2.2 y versiones anteriores no soportadas, cuando es usada la funcionalidad routing es posible que un usuario proporcione un SpEL especialmente dise\u00f1ado como expresi\u00f3n de enrutamiento que puede resultar en la ejecuci\u00f3n de c\u00f3digo remota y el acceso a recursos locales"
    }
  ],
  "id": "CVE-2022-22963",
  "lastModified": "2024-11-21T06:47:41.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-04-01T23:15:13.663",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22963"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2022-22963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-917"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-09-29 20:15
Modified
2024-11-21 05:50
Summary
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
References
support@hackerone.comhttp://seclists.org/fulldisclosure/2022/Mar/29Mailing List, Third Party Advisory
support@hackerone.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatch, Third Party Advisory
support@hackerone.comhttps://hackerone.com/reports/1334763Exploit, Issue Tracking, Third Party Advisory
support@hackerone.comhttps://lists.debian.org/debian-lts-announce/2021/09/msg00022.htmlMailing List, Third Party Advisory
support@hackerone.comhttps://lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlMailing List, Third Party Advisory
support@hackerone.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/Mailing List, Third Party Advisory
support@hackerone.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/Mailing List, Third Party Advisory
support@hackerone.comhttps://security.gentoo.org/glsa/202212-01Third Party Advisory
support@hackerone.comhttps://security.netapp.com/advisory/ntap-20211029-0003/Third Party Advisory
support@hackerone.comhttps://support.apple.com/kb/HT213183Release Notes, Third Party Advisory
support@hackerone.comhttps://www.debian.org/security/2022/dsa-5197Third Party Advisory
support@hackerone.comhttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
support@hackerone.comhttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
support@hackerone.comhttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
support@hackerone.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Mar/29Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://hackerone.com/reports/1334763Exploit, Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/09/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2022/08/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202212-01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20211029-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213183Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2022/dsa-5197Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
haxx curl *
fedoraproject fedora 33
fedoraproject fedora 35
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
netapp cloud_backup -
netapp clustered_data_ontap -
netapp h300s_firmware -
netapp h300s -
netapp h500s_firmware -
netapp h500s -
netapp h700s_firmware -
netapp h700s -
netapp h300e_firmware -
netapp h300e -
netapp h500e_firmware -
netapp h500e -
netapp h700e_firmware -
netapp h700e -
netapp h410s_firmware -
netapp h410s -
netapp solidfire_baseboard_management_controller_firmware -
netapp solidfire_baseboard_management_controller -
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle mysql_server *
oracle mysql_server *
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
siemens sinec_infrastructure_network_services *
apple macos *
oracle commerce_guided_search 11.3.2
oracle communications_cloud_native_core_binding_support_function 22.1.3
oracle communications_cloud_native_core_console 22.2.0
oracle communications_cloud_native_core_network_repository_function 22.1.2
oracle communications_cloud_native_core_network_repository_function 22.2.0
oracle communications_cloud_native_core_security_edge_protection_proxy 22.1.1
splunk universal_forwarder *
splunk universal_forwarder *
splunk universal_forwarder 9.1.0



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:haxx:curl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CACB6A8-0CF6-4283-BB33-FE3B0026A23E",
              "versionEndExcluding": "7.79.0",
              "versionStartIncluding": "7.20.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6770B6C3-732E-4E22-BF1C-2D2FD610061C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F9C8C20-42EB-4AB5-BD97-212DEB070C43",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFF7106-ED78-49BA-9EC5-B889E3685D53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E63D8B0F-006E-4801-BF9D-1C001BBFB4F9",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "56409CEC-5A1E-4450-AA42-641E459CC2AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B06F4839-D16A-4A61-9BB5-55B13F41E47F",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "108A2215-50FB-4074-94CF-C130FA14566D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AFC73CE-ABB9-42D3-9A71-3F5BC5381E0E",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "32F0B6C0-F930-480D-962B-3F4EFDCC13C7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "803BC414-B250-4E3A-A478-A3881340D6B8",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEB3337-BFDE-462A-908B-176F92053CEC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "736AEAE9-782B-4F71-9893-DED53367E102",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B4AD8A-F172-4558-AEC6-FF424BA2D912",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8497A4C9-8474-4A62-8331-3FE862ED4098",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:solidfire_baseboard_management_controller_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB9B8171-F6CA-427D-81E0-6536D3BBFA8D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:solidfire_baseboard_management_controller:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "090AA6F4-4404-4E26-82AB-C3A22636F276",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E667933A-37EA-4BC2-9180-C3B4B7038866",
              "versionEndIncluding": "5.7.35",
              "versionStartIncluding": "5.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "709E83B4-8C66-4255-870B-2F72B37BA8C6",
              "versionEndIncluding": "8.0.26",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
              "versionEndExcluding": "1.0.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9060C1B6-F101-46AE-8B08-6D6951304916",
              "versionEndExcluding": "12.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:22.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EDB6772-7FDB-45FF-8D72-952902A7EE56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2BC68D-C8B2-4C8B-9426-21F00CBDD873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A264E0DE-209D-49B1-8B26-51AB8BBC97F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:22.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBB5FF32-7362-4A1E-AD24-EF6B8770FCAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:22.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B40FAF9-0A6B-41C4-8CAD-D3D1DD982C2C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5722E753-75DE-4944-A11B-556CB299B57D",
              "versionEndExcluding": "8.2.12",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC0F9351-81A4-4FEA-B6B5-6E960A933D32",
              "versionEndExcluding": "9.0.6",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:splunk:universal_forwarder:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED24E67-2957-4C1B-8FEA-E2D2FE7B97FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\u0027s injected data comes from the TLS-protected server."
    },
    {
      "lang": "es",
      "value": "Cuando en  curl versiones posteriores a 7.20.0 incluy\u00e9ndola, y versiones anteriores a 7.78.0 incluy\u00e9ndola, se conecta a un servidor IMAP o POP3 para recuperar datos usando STARTTLS para actualizar a la seguridad TLS, el servidor puede responder y enviar m\u00faltiples respuestas a la vez que curl almacena en cach\u00e9. curl entonces actualizar\u00eda a TLS pero no vaciar\u00eda la cola de respuestas almacenadas en cach\u00e9, sino que continuar\u00eda usando y confiando en las respuestas que obtuvo *antes* del protocolo de enlace TLS como si estuvieran autenticadas. Usando este fallo, permite a un atacante de tipo Man-In-The-Middle inyectar primero las respuestas falsas, luego pasar mediante el tr\u00e1fico TLS del servidor leg\u00edtimo y enga\u00f1ar a curl para que env\u00ede datos de vuelta al usuario pensando que los datos inyectados por el atacante provienen del servidor protegido por TLS"
    }
  ],
  "id": "CVE-2021-22947",
  "lastModified": "2024-11-21T05:50:59.810",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-09-29T20:15:08.253",
  "references": [
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1334763"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213183"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "support@hackerone.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://hackerone.com/reports/1334763"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202212-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213183"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2022/dsa-5197"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "support@hackerone.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "support@hackerone.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-345"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-08-24 15:15
Modified
2024-11-21 06:22
Summary
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
References
openssl-security@openssl.orghttp://www.openwall.com/lists/oss-security/2021/08/26/2Mailing List, Third Party Advisory
openssl-security@openssl.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfPatch, Third Party Advisory
openssl-security@openssl.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatch, Third Party Advisory
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
openssl-security@openssl.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10366Third Party Advisory
openssl-security@openssl.orghttps://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E
openssl-security@openssl.orghttps://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E
openssl-security@openssl.orghttps://lists.debian.org/debian-lts-announce/2021/09/msg00014.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttps://lists.debian.org/debian-lts-announce/2021/09/msg00021.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttps://security.gentoo.org/glsa/202209-02Third Party Advisory
openssl-security@openssl.orghttps://security.gentoo.org/glsa/202210-02Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20210827-0010/Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20240621-0006/
openssl-security@openssl.orghttps://www.debian.org/security/2021/dsa-4963Third Party Advisory
openssl-security@openssl.orghttps://www.openssl.org/news/secadv/20210824.txtVendor Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlThird Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2021-16Third Party Advisory
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2022-02Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/08/26/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdfPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10366Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/09/msg00014.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/09/msg00021.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202209-02Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202210-02Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210827-0010/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20240621-0006/
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4963Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openssl.org/news/secadv/20210824.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-16Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2022-02Patch, Third Party Advisory
Impacted products
Vendor Product Version
openssl openssl *
openssl openssl *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
netapp clustered_data_ontap -
netapp clustered_data_ontap_antivirus_connector -
netapp e-series_santricity_os_controller *
netapp hci_management_node -
netapp manageability_software_development_kit -
netapp santricity_smi-s_provider -
netapp solidfire -
netapp storage_encryption -
mcafee epolicy_orchestrator *
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
tenable nessus_network_monitor *
tenable tenable.sc *
oracle essbase *
oracle essbase *
oracle essbase 21.3
oracle mysql_connectors *
oracle mysql_enterprise_monitor *
oracle mysql_server *
oracle mysql_server *
oracle mysql_workbench *
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle secure_backup 18.1.0.1.0
oracle zfs_storage_appliance_kit 8.8
siemens sinec_infrastructure_network_services *
oracle communications_cloud_native_core_console 1.9.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_session_border_controller 8.4
oracle communications_session_border_controller 9.0
oracle communications_unified_session_manager 8.2.5
oracle communications_unified_session_manager 8.4.5
oracle enterprise_communications_broker 3.2.0
oracle enterprise_communications_broker 3.3.0
oracle enterprise_session_border_controller 8.4
oracle enterprise_session_border_controller 9.0
oracle health_sciences_inform_publisher 6.2.1.0
oracle health_sciences_inform_publisher 6.3.1.1
oracle jd_edwards_enterpriseone_tools *
oracle jd_edwards_world_security a9.4



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "20353A2F-46B5-4C46-B562-42CD6E2B248B",
              "versionEndExcluding": "1.0.2za",
              "versionStartIncluding": "1.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9592A08-7FF0-490F-B684-6EA8E49F36C7",
              "versionEndExcluding": "1.1.1l",
              "versionStartIncluding": "1.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "433D435D-13D0-4EAA-ACD9-DD88DA712D00",
              "versionEndIncluding": "11.50.2",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:manageability_software_development_kit:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D39DCAE7-494F-40B2-867F-6C6A077939DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_encryption:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D82795C-F1ED-4D2C-B578-75B9EECBB99C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5",
              "versionEndExcluding": "5.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
              "matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*",
              "matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:nessus_network_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E0DE4DE-9454-4E8D-9E00-3CBCDD8C142A",
              "versionEndExcluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D977244-DC29-4301-8D89-0BD01BC328B8",
              "versionEndIncluding": "5.19.1",
              "versionStartIncluding": "5.16.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A0BD5BD-E2F8-4B4E-B5CF-9787E6F2E4AE",
              "versionEndExcluding": "11.1.2.4.047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:essbase:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3197F464-F0A5-4BD4-9068-65CD448D8F4C",
              "versionEndExcluding": "21.3",
              "versionStartIncluding": "21.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:essbase:21.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "15DD67FD-CE98-4556-A036-B2970935AF4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE23C7E1-F849-411D-850F-A504D4BA3414",
              "versionEndIncluding": "8.0.27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88627B99-16DC-4878-A63A-A40F6FC1F477",
              "versionEndIncluding": "8.0.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E667933A-37EA-4BC2-9180-C3B4B7038866",
              "versionEndIncluding": "5.7.35",
              "versionStartIncluding": "5.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "709E83B4-8C66-4255-870B-2F72B37BA8C6",
              "versionEndIncluding": "8.0.26",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EED6C8C2-F986-4CFD-A343-AD2340F850F2",
              "versionEndIncluding": "8.0.26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:secure_backup:18.1.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8929B61-16EC-4FE0-98A5-1CC7CC7FD9CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:siemens:sinec_infrastructure_network_services:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0F46497-4AB0-49A7-9453-CC26837BF253",
              "versionEndExcluding": "1.0.1.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C416FD3-2E2F-4BBC-BD5F-F896825883F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D886339E-EDB2-4879-BD54-1800E4CA9CAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB468FEE-A0F4-49A0-BBEE-10D0733C87D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:8.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC5C177E-0C77-48C9-847A-A9E5AA7DBC1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "348EEE70-E114-4720-AAAF-E77DE5C9A2D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_communications_broker:3.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DCDD73B-57B1-4580-B922-5662E3AC13B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A4E206-56C7-4578-AC9C-088B0C8D9CFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_inform_publisher:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1E6A38-4CBD-42E9-B2D2-11AEF157822F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_inform_publisher:6.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D105A5B-0AA8-4782-B804-CB1384F85884",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE34D4F7-5C18-4578-8D0A-722FDF931333",
              "versionEndExcluding": "9.2.6.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)."
    },
    {
      "lang": "es",
      "value": "Las cadenas ASN.1 se representan internamente en OpenSSL como una estructura ASN1_STRING que contiene un b\u00fafer que contiene los datos de la cadena y un campo que contiene la longitud del b\u00fafer. Esto contrasta con las cadenas C normales, que se representan como un b\u00fafer para los datos de la cadena que termina con un byte NUL (0). Aunque no es un requisito estricto, las cadenas ASN.1 que se analizan usando las propias funciones \"d2i\" de OpenSSL (y otras funciones de an\u00e1lisis similares), as\u00ed como cualquier cadena cuyo valor ha sido ajustado con la funci\u00f3n ASN1_STRING_set(), terminar\u00e1n adicionalmente con NUL la matriz de bytes en la estructura ASN1_STRING. Sin embargo, es posible que las aplicaciones construyan directamente estructuras ASN1_STRING v\u00e1lidas que no terminen en NUL la matriz de bytes, ajustando directamente los campos \"data\" y \"length\" en la matriz ASN1_STRING. Esto tambi\u00e9n puede ocurrir usando la funci\u00f3n ASN1_STRING_set0(). Se ha detectado que numerosas funciones de OpenSSL que imprimen datos ASN.1 asumen que la matriz de bytes ASN1_STRING estar\u00e1 terminada en NUL, aunque esto no est\u00e1 garantizado para las cadenas que han sido construidas directamente. Cuando una aplicaci\u00f3n pide que se imprima una estructura ASN.1, y cuando esa estructura ASN.1 contiene ASN1_STRINGs que han sido construidos directamente por la aplicaci\u00f3n sin terminar en NUL el campo \"data\", entonces puede ocurrir un desbordamiento del buffer de lectura. Lo mismo puede ocurrir durante el procesamiento de las restricciones de nombre de los certificados (por ejemplo, si un certificado ha sido construido directamente por la aplicaci\u00f3n en lugar de cargarlo por medio de las funciones de an\u00e1lisis de OpenSSL, y el certificado contiene estructuras ASN1_STRING sin terminaci\u00f3n NUL). Tambi\u00e9n puede ocurrir en las funciones X509_get1_email(), X509_REQ_get1_email() y X509_get1_ocsp(). Si un actor malicioso puede hacer que una aplicaci\u00f3n construya directamente un ASN1_STRING y luego lo procese a mediante una de las funciones de OpenSSL afectadas, este problema podr\u00eda ser alcanzado. Esto podr\u00eda resultar en un bloqueo (causando un ataque de Denegaci\u00f3n de Servicio). Tambi\u00e9n podr\u00eda resultar en la revelaci\u00f3n de contenidos de memoria privada (como claves privadas, o texto plano confidencial). Corregido en OpenSSL versi\u00f3n 1.1.1l (Afectada 1.1.1-1.1.1k). Corregido en OpenSSL versi\u00f3n 1.0.2za (Afectada 1.0.2-1.0.2y)."
    }
  ],
  "id": "CVE-2021-3712",
  "lastModified": "2024-11-21T06:22:13.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-24T15:15:09.533",
  "references": [
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-02"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-02"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4963"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20210824.txt"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-16"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2022-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202210-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4963"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20210824.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2022-02"
    }
  ],
  "sourceIdentifier": "openssl-security@openssl.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-02 15:15
Modified
2024-11-21 05:18
Summary
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
References
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=1881353Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E
secalert@redhat.comhttps://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2021/01/msg00000.htmlMailing List, Third Party Advisory
secalert@redhat.comhttps://www.debian.org/security/2021/dsa-4908Third Party Advisory
secalert@redhat.comhttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1881353Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/01/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4908Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3F836E-0018-4430-9FDD-235EA0F03F8D",
              "versionEndExcluding": "5.3.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:hibernate:hibernate_orm:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "355B45AF-42E0-4D63-969F-96FFEF16103B",
              "versionEndExcluding": "5.4.24",
              "versionStartIncluding": "5.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1809D7D8-574D-4524-90A6-4C0B163E5630",
              "versionEndIncluding": "1.9.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 un fallo en hibernate-core en versiones anteriores a 5.4.23.Final incluy\u00e9ndola.\u0026#xa0;Una inyecci\u00f3n SQL en la implementaci\u00f3n de la API de criterios de JPA puede permitir literales no saneados cuando es usado un literal en los comentarios de SQL de la consulta.\u0026#xa0;Este fallo podr\u00eda permitir a un atacante acceder a informaci\u00f3n no autorizada o posiblemente conducir m\u00e1s ataques.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos"
    }
  ],
  "id": "CVE-2020-25638",
  "lastModified": "2024-11-21T05:18:18.350",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-02T15:15:12.377",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4908"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4908"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-20 11:16
Modified
2024-11-21 06:03
Summary
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_connectors:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4956B3D4-4B4B-4D63-87A0-03416A487A07",
              "versionEndIncluding": "8.0.26",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6677F86F-5933-460E-B978-23A4C1407CB0",
              "versionEndExcluding": "2.2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18DF6E75-8665-4E73-8E6F-634D8E581831",
              "versionEndExcluding": "2.6.0",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto MySQL Connectors de Oracle MySQL (componente: Connector/J). Las versiones compatibles que est\u00e1n afectadas son 8.0.26 y anteriores. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante muy privilegiado con acceso a la red por medio de m\u00faltiples protocolos comprometer a MySQL Connectors. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en un acceso no autorizado a datos cr\u00edticos o en el acceso completo a todos los datos accesibles de los Conectores MySQL y en la habilidad no autorizada de causar una suspensi\u00f3n o bloqueo repetible frecuentemente (DOS completa) de MySQL Connectors. CVSS 3.1 Puntuaci\u00f3n Base 5.9 (impactos en la Confidencialidad y la Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)"
    }
  ],
  "id": "CVE-2021-2471",
  "lastModified": "2024-11-21T06:03:11.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:N/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 9.2,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.2,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-10-20T11:16:17.117",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-28 16:15
Modified
2024-11-21 05:49
Summary
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.



{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFA56919-8FEB-4453-AF87-4343F6EC8E87",
              "versionEndIncluding": "5.2.17",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A3FC7B7-D599-4179-8642-FFC05CBF4604",
              "versionEndIncluding": "5.3.10",
              "versionStartIncluding": "5.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
              "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "E8F29E19-3A64-4426-A2AA-F169440267CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:management_services_for_element_software_and_netapp_hci:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDAC85F0-93AF-4BE3-AE1A-8ADAF1CDF9AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:metrocluster_tiebreaker:-:*:*:*:*:clustered_data_ontap:*:*",
              "matchCriteriaId": "B4A442CC-41F0-4DED-9D3C-89E58826E6A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
    },
    {
      "lang": "es",
      "value": "En Spring Framework versiones 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, y en versiones anteriores no soportadas, es posible para un usuario proporcionar una entrada maliciosa para causar una inserci\u00f3n de entradas de registro adicionales"
    }
  ],
  "id": "CVE-2021-22096",
  "lastModified": "2024-11-21T05:49:31.290",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-28T16:15:07.733",
  "references": [
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2021-22096"
    },
    {
      "source": "security@vmware.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://tanzu.vmware.com/security/cve-2021-22096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    }
  ],
  "sourceIdentifier": "security@vmware.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-117"
        }
      ],
      "source": "security@vmware.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2019-10219
Vulnerability from cvelistv5
Published
2019-11-08 14:46
Modified
2024-08-04 22:17
Summary
A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack.
References
https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2020:0164vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0159vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0160vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0161vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0445vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20220210-0024/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:17:18.975Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"
          },
          {
            "name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"
          },
          {
            "name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"
          },
          {
            "name": "RHSA-2020:0164",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0164"
          },
          {
            "name": "RHSA-2020:0159",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0159"
          },
          {
            "name": "RHSA-2020:0160",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0160"
          },
          {
            "name": "RHSA-2020:0161",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0161"
          },
          {
            "name": "RHSA-2020:0445",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0445"
          },
          {
            "name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
          },
          {
            "name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
          },
          {
            "name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hibernate-validator",
          "vendor": "Hibernate",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-10T09:07:39",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf%40%3Cnotifications.accumulo.apache.org%3E"
        },
        {
          "name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6%40%3Cnotifications.accumulo.apache.org%3E"
        },
        {
          "name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d%40%3Cnotifications.accumulo.apache.org%3E"
        },
        {
          "name": "RHSA-2020:0164",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0164"
        },
        {
          "name": "RHSA-2020:0159",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0159"
        },
        {
          "name": "RHSA-2020:0160",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0160"
        },
        {
          "name": "RHSA-2020:0161",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0161"
        },
        {
          "name": "RHSA-2020:0445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0445"
        },
        {
          "name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a%40%3Cpluto-dev.portals.apache.org%3E"
        },
        {
          "name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c%40%3Cpluto-dev.portals.apache.org%3E"
        },
        {
          "name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4%40%3Cpluto-scm.portals.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10219",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "hibernate-validator",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Hibernate"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was found in Hibernate-Validator. The SafeHtml validator annotation fails to properly sanitize payloads consisting of potentially malicious code in HTML comments and instructions. This vulnerability can result in an XSS attack."
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "6.5/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[accumulo-notifications] 20200108 [GitHub] [accumulo] milleruntime opened a new pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r87b7e2d22982b4ca9f88f5f4f22a19b394d2662415b233582ed22ebf@%3Cnotifications.accumulo.apache.org%3E"
            },
            {
              "name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime closed pull request #1469: Update hibernate-validator. Fixes CVE-2019-10219",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4f8b4e2541be4234946e40d55859273a7eec0f4901e8080ce2406fe6@%3Cnotifications.accumulo.apache.org%3E"
            },
            {
              "name": "[accumulo-notifications] 20200109 [GitHub] [accumulo] milleruntime commented on issue #1469: Update hibernate-validator. Fixes CVE-2019-10219",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4f92d7f7682dcff92722fa947f9e6f8ba2227c5dc3e11ba09114897d@%3Cnotifications.accumulo.apache.org%3E"
            },
            {
              "name": "RHSA-2020:0164",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0164"
            },
            {
              "name": "RHSA-2020:0159",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0159"
            },
            {
              "name": "RHSA-2020:0160",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0160"
            },
            {
              "name": "RHSA-2020:0161",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0161"
            },
            {
              "name": "RHSA-2020:0445",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0445"
            },
            {
              "name": "[portals-pluto-dev] 20210714 [jira] [Created] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf9c17c3efc4a376a96e9e2777eee6acf0bec28e2200e4b35da62de4a@%3Cpluto-dev.portals.apache.org%3E"
            },
            {
              "name": "[portals-pluto-dev] 20210714 [jira] [Closed] (PLUTO-791) Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd418deda6f0ebe658c2015f43a14d03acb8b8c2c093c5bf6b880cd7c@%3Cpluto-dev.portals.apache.org%3E"
            },
            {
              "name": "[portals-pluto-scm] 20210714 [portals-pluto] branch master updated: PLUTO-791 Upgrade to hibernate-validator-6.0.20.Final due to CVE-2020-10693 and CVE-2019-10219",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb8dca19a4e52b60dab0ab21e2ff9968d78f4b84e4033824db1dd24b4@%3Cpluto-scm.portals.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10219"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220210-0024/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220210-0024/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10219",
    "datePublished": "2019-11-08T14:46:03",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:17:18.975Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-20289
Vulnerability from cvelistv5
Published
2021-03-26 16:28
Modified
2024-08-03 17:37
Severity ?
Summary
A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:37:23.769Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "resteasy",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "resteasy 3.11.5.Final, resteasy 3.15.2.Final, resteasy 4.5.10.Final, resteasy 4.6.1.Final, resteasy 4.6.2.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-209",
              "description": "CWE-209",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:23:45",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-20289",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "resteasy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "resteasy 3.11.5.Final, resteasy 3.15.2.Final, resteasy 4.5.10.Final, resteasy 4.6.1.Final, resteasy 4.6.2.Final"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method\u0027s parameter value. The highest threat from this vulnerability is to data confidentiality."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-209"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1935927"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-20289",
    "datePublished": "2021-03-26T16:28:44",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-03T17:37:23.769Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-45105
Vulnerability from cvelistv5
Published
2021-12-18 11:55
Modified
2024-08-04 04:39
Severity ?
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:20.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://logging.apache.org/log4j/2.x/security.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
          },
          {
            "name": "VU#930724",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/930724"
          },
          {
            "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
          },
          {
            "name": "DSA-5024",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5024"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Log4j2",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.13.0",
                  "status": "affected"
                },
                {
                  "at": "2.12.3",
                  "status": "unaffected"
                },
                {
                  "at": "2.4",
                  "status": "affected"
                },
                {
                  "at": "2.3.1",
                  "status": "unaffected"
                },
                {
                  "at": "2.0-alpha1",
                  "status": "affected"
                }
              ],
              "lessThan": "2.17.0",
              "status": "affected",
              "version": "log4j-core",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "high"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:41:57",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
        },
        {
          "name": "VU#930724",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/930724"
        },
        {
          "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
        },
        {
          "name": "DSA-5024",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5024"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "source": {
        "defect": [
          "LOG4J2-3230"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-45105",
          "STATE": "PUBLIC",
          "TITLE": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Log4j2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.17.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.13.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.12.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.3.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.0-alpha1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "high"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-674: Uncontrolled Recursion"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://logging.apache.org/log4j/2.x/security.html",
              "refsource": "MISC",
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "name": "VU#930724",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
            },
            {
              "name": "DSA-5024",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5024"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211218-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "defect": [
            "LOG4J2-3230"
          ],
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-45105",
    "datePublished": "2021-12-18T11:55:08",
    "dateReserved": "2021-12-16T00:00:00",
    "dateUpdated": "2024-08-04T04:39:20.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22569
Vulnerability from cvelistv5
Published
2022-01-07 00:00
Modified
2024-08-03 18:44
Summary
An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions.
Impacted products
Vendor Product Version
Google LLC protobuf-kotlin Version: unspecified   < 3.18.2
Version: unspecified   < 3.19.2
Google LLC google-protobuf [JRuby Gem] Version: unspecified   < 3.19.2
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:44:14.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cloud.google.com/support/bulletins#gcp-2022-001"
          },
          {
            "name": "[oss-security] 20220112 CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/01/12/4"
          },
          {
            "name": "[oss-security] 20220112 Re: CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/01/12/7"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "protobuf-java",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThan": "3.16.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "3.18.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "3.19.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "protobuf-kotlin",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThan": "3.18.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "3.19.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "google-protobuf [JRuby Gem]",
          "vendor": "Google LLC",
          "versions": [
            {
              "lessThan": "3.19.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "OSS-Fuzz - https://github.com/google/oss-fuzz"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue in protobuf-java allowed the interleaving of com.google.protobuf.UnknownFieldSet fields in such a way that would be processed out of order. A small malicious payload can occupy the parser for several minutes by creating large numbers of short-lived objects that cause frequent, repeated pauses. We recommend upgrading libraries beyond the vulnerable versions."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-696",
              "description": "CWE-696 Incorrect Behavior Order",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-04-18T00:00:00",
        "orgId": "14ed7db2-1595-443d-9d34-6215bf890778",
        "shortName": "Google"
      },
      "references": [
        {
          "url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=39330"
        },
        {
          "url": "https://cloud.google.com/support/bulletins#gcp-2022-001"
        },
        {
          "name": "[oss-security] 20220112 CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/01/12/4"
        },
        {
          "name": "[oss-security] 20220112 Re: CVE-2021-22569: Protobuf Java, Kotlin, JRuby DoS",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/01/12/7"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "[debian-lts-announce] 20230418 [SECURITY] [DLA 3393-1] protobuf security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00019.html"
        }
      ],
      "source": {
        "discovery": "INTERNAL"
      },
      "title": "Denial of Service of protobuf-java parsing procedure",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "14ed7db2-1595-443d-9d34-6215bf890778",
    "assignerShortName": "Google",
    "cveId": "CVE-2021-22569",
    "datePublished": "2022-01-07T00:00:00",
    "dateReserved": "2021-01-05T00:00:00",
    "dateUpdated": "2024-08-03T18:44:14.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22946
Vulnerability from cvelistv5
Published
2022-03-04 15:50
Modified
2024-08-03 03:28
Severity ?
Summary
In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.597Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2022-22946"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Cloud Gateway",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring cloud gateway versions 3.1.x prior to 3.1.1+"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:46:27",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tanzu.vmware.com/security/cve-2022-22946"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22946",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Cloud Gateway",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Spring cloud gateway versions 3.1.x prior to 3.1.1+"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In spring cloud gateway versions prior to 3.1.1+ , applications that are configured to enable HTTP2 and no key store or trusted certificates are set will be configured to use an insecure TrustManager. This makes the gateway able to connect to remote services with invalid or custom certificates."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "OWASP Top Ten 2021 Category A05:2021 - Security Misconfiguration"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tanzu.vmware.com/security/cve-2022-22946",
              "refsource": "MISC",
              "url": "https://tanzu.vmware.com/security/cve-2022-22946"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22946",
    "datePublished": "2022-03-04T15:50:06",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.597Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14340
Vulnerability from cvelistv5
Published
2021-06-02 12:04
Modified
2024-08-04 12:39
Severity ?
Summary
A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.533Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "XNIO",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "xnio 3.7.9.Final, xnio 3.8.2.Final, xnio 3.9.0.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:21:36",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-14340",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "XNIO",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "xnio 3.7.9.Final, xnio 3.8.2.Final, xnio 3.9.0.Final"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability was discovered in XNIO where file descriptor leak caused by growing amounts of NIO Selector file handles between garbage collection cycles. It may allow the attacker to cause a denial of service. It affects XNIO versions 3.6.0.Beta1 through 3.8.1.Final."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860218"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-14340",
    "datePublished": "2021-06-02T12:04:28",
    "dateReserved": "2020-06-17T00:00:00",
    "dateUpdated": "2024-08-04T12:39:36.533Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-41973
Vulnerability from cvelistv5
Published
2021-11-01 08:35
Modified
2024-08-04 03:22
Severity ?
Summary
In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:22:25.568Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E"
          },
          {
            "name": "[oss-security] 20211101 [ANNOUNCE] Apache MINA 2.0.22 \u0026 2.1.5 released",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/11/01/2"
          },
          {
            "name": "[oss-security] 20211101 CVE-2021-41973: Apache MINA HTTP listener DOS",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/11/01/8"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache MINA",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.0.22",
                  "status": "unaffected"
                }
              ],
              "lessThan": "2.1.5",
              "status": "affected",
              "version": "Apache MINA",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "critical"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-835",
              "description": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:57:05",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E"
        },
        {
          "name": "[oss-security] 20211101 [ANNOUNCE] Apache MINA 2.0.22 \u0026 2.1.5 released",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/11/01/2"
        },
        {
          "name": "[oss-security] 20211101 CVE-2021-41973: Apache MINA HTTP listener DOS",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/11/01/8"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Apache MINA HTTP listener DOS",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-41973",
          "STATE": "PUBLIC",
          "TITLE": "Apache MINA HTTP listener DOS"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache MINA",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache MINA",
                            "version_value": "2.1.5"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache MINA",
                            "version_value": "2.0.22"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache MINA, a specifically crafted, malformed HTTP request may cause the HTTP Header decoder to loop indefinitely. The decoder assumed that the HTTP Header begins at the beginning of the buffer and loops if there is more data than expected. Please update MINA to 2.1.5 or greater."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "critical"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-835 Loop with Unreachable Exit Condition (\u0027Infinite Loop\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r0b907da9340d5ff4e6c1a4798ef4e79700a668657f27cca8a39e9250%40%3Cdev.mina.apache.org%3E"
            },
            {
              "name": "[oss-security] 20211101 [ANNOUNCE] Apache MINA 2.0.22 \u0026 2.1.5 released",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/11/01/2"
            },
            {
              "name": "[oss-security] 20211101 CVE-2021-41973: Apache MINA HTTP listener DOS",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/11/01/8"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-41973",
    "datePublished": "2021-11-01T08:35:09",
    "dateReserved": "2021-10-04T00:00:00",
    "dateUpdated": "2024-08-04T03:22:25.568Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22963
Vulnerability from cvelistv5
Published
2022-04-01 00:00
Modified
2024-08-03 03:28
Severity ?
Summary
In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.845Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2022-22963"
          },
          {
            "name": "20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Cloud Function",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring  Cloud Function versions 3.1.6, 3.2.2 and all old and unsupported versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Spring Cloud Function versions 3.1.6, 3.2.2 and older unsupported versions, when using routing functionality it is possible for a user to provide a specially crafted SpEL as a routing-expression that may result in remote code execution and access to local resources."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-07-13T00:00:00",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://tanzu.vmware.com/security/cve-2022-22963"
        },
        {
          "name": "20220401 Vulnerability in Spring Cloud Function Framework Affecting Cisco Products: March 2022",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-scf-rce-DQrHhJxH"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/173430/Spring-Cloud-3.2.2-Remote-Command-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22963",
    "datePublished": "2022-04-01T00:00:00",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.845Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22096
Vulnerability from cvelistv5
Published
2021-10-28 15:22
Modified
2024-08-03 18:30
Severity ?
Summary
In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:30:23.932Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2021-22096"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to  5.2.18+ and all older unsupported versions are impacted."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-117",
              "description": "CWE-117: Improper Output Neutralization for Logs",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:24:13",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tanzu.vmware.com/security/cve-2021-22096"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2021-22096",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Spring Framework versions 5.3.x prior to 5.3.12+, 5.2.x prior to  5.2.18+ and all older unsupported versions are impacted."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Spring Framework versions 5.3.0 - 5.3.10, 5.2.0 - 5.2.17, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-117: Improper Output Neutralization for Logs"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tanzu.vmware.com/security/cve-2021-22096",
              "refsource": "MISC",
              "url": "https://tanzu.vmware.com/security/cve-2021-22096"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211125-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211125-0005/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2021-22096",
    "datePublished": "2021-10-28T15:22:35",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-03T18:30:23.932Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-23221
Vulnerability from cvelistv5
Published
2022-01-19 00:00
Modified
2024-08-03 03:36
Severity ?
Summary
H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:36:20.341Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/h2database/h2database/security/advisories"
          },
          {
            "name": "20220124 Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221.",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Jan/39"
          },
          {
            "name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2923-1] h2database security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"
          },
          {
            "name": "DSA-5076",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5076"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/h2database/h2database/releases/tag/version-2.1.210"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://twitter.com/d0nkey_man/status/1483824727936450564"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20230818-0011/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "H2 Console before 2.1.210 allows remote attackers to execute arbitrary code via a jdbc:h2:mem JDBC URL containing the IGNORE_UNKNOWN_SETTINGS=TRUE;FORBID_CREATION=FALSE;INIT=RUNSCRIPT substring, a different vulnerability than CVE-2021-42392."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-18T13:06:46.031809",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/h2database/h2database/security/advisories"
        },
        {
          "name": "20220124 Unauthenticated RCE vuln in the H2 Database console: CVE-2022-23221.",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Jan/39"
        },
        {
          "name": "[debian-lts-announce] 20220215 [SECURITY] [DLA 2923-1] h2database security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/02/msg00017.html"
        },
        {
          "name": "DSA-5076",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5076"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://github.com/h2database/h2database/releases/tag/version-2.1.210"
        },
        {
          "url": "https://twitter.com/d0nkey_man/status/1483824727936450564"
        },
        {
          "url": "http://packetstormsecurity.com/files/165676/H2-Database-Console-Remote-Code-Execution.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20230818-0011/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-23221",
    "datePublished": "2022-01-19T00:00:00",
    "dateReserved": "2022-01-14T00:00:00",
    "dateUpdated": "2024-08-03T03:36:20.341Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22060
Vulnerability from cvelistv5
Published
2022-01-07 22:39
Modified
2024-08-03 18:30
Severity ?
Summary
In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:30:23.916Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2021-22060"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring Framework 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Malicious input to cause the insertion of additional log entries.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:24:11",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tanzu.vmware.com/security/cve-2021-22060"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2021-22060",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Spring Framework 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Spring Framework versions 5.3.0 - 5.3.13, 5.2.0 - 5.2.18, and older unsupported versions, it is possible for a user to provide malicious input to cause the insertion of additional log entries. This is a follow-up to CVE-2021-22096 that protects against additional types of input and in more places of the Spring Framework codebase."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Malicious input to cause the insertion of additional log entries."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tanzu.vmware.com/security/cve-2021-22060",
              "refsource": "MISC",
              "url": "https://tanzu.vmware.com/security/cve-2021-22060"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2021-22060",
    "datePublished": "2022-01-07T22:39:55",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-03T18:30:23.916Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-25638
Vulnerability from cvelistv5
Published
2020-12-02 14:36
Modified
2024-08-04 15:40
Severity ?
Summary
A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:40:35.438Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
          },
          {
            "name": "[debian-lts-announce] 20210103 [SECURITY] [DLA 2512-1] libhibernate3-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
          },
          {
            "name": "DSA-4908",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4908"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
          },
          {
            "name": "[turbine-commits] 20211018 [turbine-fulcrum-security] 02/02: disable module hibernate (JIRA issue TRB-103), update docs, remove suppression",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "hibernate-core",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Hibernate ORM versions before 5.4.24.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-89",
              "description": "CWE-89",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:15:21",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
        },
        {
          "name": "[debian-lts-announce] 20210103 [SECURITY] [DLA 2512-1] libhibernate3-java security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
        },
        {
          "name": "DSA-4908",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4908"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44%40%3Cdev.turbine.apache.org%3E"
        },
        {
          "name": "[turbine-commits] 20211018 [turbine-fulcrum-security] 02/02: disable module hibernate (JIRA issue TRB-103), update docs, remove suppression",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df%40%3Ccommits.turbine.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25638",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "hibernate-core",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Hibernate ORM versions before 5.4.24.Final"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-89"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881353"
            },
            {
              "name": "[debian-lts-announce] 20210103 [SECURITY] [DLA 2512-1] libhibernate3-java security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/01/msg00000.html"
            },
            {
              "name": "DSA-4908",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4908"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "[turbine-dev] 20211015 Fulcrum Security Hibernate Module",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r833c1276e41334fa675848a08daf0c61f39009f9f9a400d9f7006d44@%3Cdev.turbine.apache.org%3E"
            },
            {
              "name": "[turbine-commits] 20211018 [turbine-fulcrum-security] 02/02: disable module hibernate (JIRA issue TRB-103), update docs, remove suppression",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf2378209c676a28b71f9b604a3b3517c448540b85367160e558ef9df@%3Ccommits.turbine.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25638",
    "datePublished": "2020-12-02T14:36:24",
    "dateReserved": "2020-09-16T00:00:00",
    "dateUpdated": "2024-08-04T15:40:35.438Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22946
Vulnerability from cvelistv5
Published
2021-09-29 00:00
Modified
2024-08-03 18:58
Severity ?
Summary
A user can tell curl >= 7.20.0 and <= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.135Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1334111"
          },
          {
            "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2773-1] curl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
          },
          {
            "name": "FEDORA-2021-fc96a3a749",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "name": "FEDORA-2021-1d24845e93",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
          },
          {
            "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213183"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "DSA-5197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "name": "GLSA-202212-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "curl 7.20.0 to and including 7.78.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A user can tell curl \u003e= 7.20.0 and \u003c= 7.78.0 to require a successful upgrade to TLS when speaking to an IMAP, POP3 or FTP server (`--ssl-reqd` on the command line or`CURLOPT_USE_SSL` set to `CURLUSESSL_CONTROL` or `CURLUSESSL_ALL` withlibcurl). This requirement could be bypassed if the server would return a properly crafted but perfectly legitimate response.This flaw would then make curl silently continue its operations **withoutTLS** contrary to the instructions and expectations, exposing possibly sensitive data in clear text over the network."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-325",
              "description": "Missing Required Cryptographic Step (CWE-325)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-19T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1334111"
        },
        {
          "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2773-1] curl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
        },
        {
          "name": "FEDORA-2021-fc96a3a749",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "name": "FEDORA-2021-1d24845e93",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220121-0008/"
        },
        {
          "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://support.apple.com/kb/HT213183"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "DSA-5197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5197"
        },
        {
          "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
        },
        {
          "name": "GLSA-202212-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-01"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22946",
    "datePublished": "2021-09-29T00:00:00",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:58:26.135Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-2471
Vulnerability from cvelistv5
Published
2021-10-20 10:49
Modified
2024-09-25 19:39
Summary
Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H).
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:45:50.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2021-2471",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-25T19:15:14.455458Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-25T19:39:53.220Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "MySQL Connectors",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.26 and prior"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T20:36:38",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2021-2471",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "MySQL Connectors",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.0.26 and prior"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the MySQL Connectors product of Oracle MySQL (component: Connector/J). Supported versions that are affected are 8.0.26 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors. CVSS 3.1 Base Score 5.9 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.9",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Difficult to exploit vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Connectors.  Successful attacks of this vulnerability can result in  unauthorized access to critical data or complete access to all MySQL Connectors accessible data and unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Connectors."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2021-2471",
    "datePublished": "2021-10-20T10:49:38",
    "dateReserved": "2020-12-09T00:00:00",
    "dateUpdated": "2024-09-25T19:39:53.220Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10086
Vulnerability from cvelistv5
Published
2019-08-20 20:10
Modified
2024-08-04 22:10
Severity ?
Summary
In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean.
References
http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3emailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2019/08/msg00030.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3Emailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.htmlvendor-advisory, x_refsource_SUSE
https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/vendor-advisory, x_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:4317vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0057vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0194vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0806vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0811vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0804vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0805vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:09.585Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
          },
          {
            "name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
          },
          {
            "name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2019:2058",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
          },
          {
            "name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
          },
          {
            "name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
          },
          {
            "name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
          },
          {
            "name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
          },
          {
            "name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
          },
          {
            "name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
          },
          {
            "name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-bcad44b5d6",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
          },
          {
            "name": "FEDORA-2019-79b5790566",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
          },
          {
            "name": "RHSA-2019:4317",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4317"
          },
          {
            "name": "RHSA-2020:0057",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0057"
          },
          {
            "name": "RHSA-2020:0194",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0194"
          },
          {
            "name": "RHSA-2020:0806",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0806"
          },
          {
            "name": "RHSA-2020:0811",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0811"
          },
          {
            "name": "RHSA-2020:0804",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0804"
          },
          {
            "name": "RHSA-2020:0805",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0805"
          },
          {
            "name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
          },
          {
            "name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
          },
          {
            "name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
          },
          {
            "name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
          },
          {
            "name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
          },
          {
            "name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
          },
          {
            "name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
          },
          {
            "name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
          },
          {
            "name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
          },
          {
            "name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Commons Beanutils",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Commons Beanutils 1.0 to 1.9.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-22T17:59:36",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4%40apache.org%3e"
        },
        {
          "name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
        },
        {
          "name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125%40%3Ccommits.tinkerpop.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2019:2058",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
        },
        {
          "name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0%40%3Cissues.commons.apache.org%3E"
        },
        {
          "name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5%40%3Cissues.commons.apache.org%3E"
        },
        {
          "name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc%40%3Cissues.commons.apache.org%3E"
        },
        {
          "name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f%40%3Cdev.shiro.apache.org%3E"
        },
        {
          "name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48%40%3Cdev.shiro.apache.org%3E"
        },
        {
          "name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3%40%3Cdev.shiro.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6%40%3Cdev.shiro.apache.org%3E"
        },
        {
          "name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa%40%3Cdev.shiro.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-bcad44b5d6",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
        },
        {
          "name": "FEDORA-2019-79b5790566",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
        },
        {
          "name": "RHSA-2019:4317",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4317"
        },
        {
          "name": "RHSA-2020:0057",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0057"
        },
        {
          "name": "RHSA-2020:0194",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0194"
        },
        {
          "name": "RHSA-2020:0806",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0806"
        },
        {
          "name": "RHSA-2020:0811",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0811"
        },
        {
          "name": "RHSA-2020:0804",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0804"
        },
        {
          "name": "RHSA-2020:0805",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0805"
        },
        {
          "name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9%40%3Cdev.brooklyn.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c%40%3Cdev.atlas.apache.org%3E"
        },
        {
          "name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f%40%3Cdev.atlas.apache.org%3E"
        },
        {
          "name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4%40%3Cdev.atlas.apache.org%3E"
        },
        {
          "name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1%40%3Cdev.atlas.apache.org%3E"
        },
        {
          "name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba%40%3Ccommits.atlas.apache.org%3E"
        },
        {
          "name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58%40%3Cdev.atlas.apache.org%3E"
        },
        {
          "name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca%40%3Cdev.atlas.apache.org%3E"
        },
        {
          "name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6%40%3Cdev.atlas.apache.org%3E"
        },
        {
          "name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825%40%3Ccommits.dolphinscheduler.apache.org%3E"
        },
        {
          "name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c%40%3Ccommits.dolphinscheduler.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2%40%3Cissues.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098%40%3Cissues.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534%40%3Cissues.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e%40%3Cissues.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe%40%3Cissues.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1%40%3Cissues.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957%40%3Cissues.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997%40%3Cissues.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-10086",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Commons Beanutils",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Commons Beanutils 1.0 to 1.9.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache Commons Beanutils 1.9.2, a special BeanIntrospector class was added which allows suppressing the ability for an attacker to access the classloader via the class property available on all Java objects. We, however were not using this by default characteristic of the PropertyUtilsBean."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[www-announce] 20190815 [SECURITY] CVE-2019-10086. Apache Commons Beanutils does not suppresses the class property in PropertyUtilsBean by default.",
              "refsource": "MLIST",
              "url": "http://mail-archives.apache.org/mod_mbox/www-announce/201908.mbox/%3cC628798F-315D-4428-8CB1-4ED1ECC958E4@apache.org%3e"
            },
            {
              "name": "[debian-lts-announce] 20190824 [SECURITY] [DLA 1896-1] commons-beanutils security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00030.html"
            },
            {
              "name": "[tinkerpop-commits] 20190829 [tinkerpop] branch master updated: Bump commons-beanutils to 1.9.4 for CVE-2019-10086 - CTR",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3d1ed1a1596c08c4d5fea97b36c651ce167b773f1afc75251ce7a125@%3Ccommits.tinkerpop.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2019:2058",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-09/msg00007.html"
            },
            {
              "name": "[commons-issues] 20190906 [jira] [Updated] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/956995acee0d8bc046f1df0a55b7fbeb65dd2f82864e5de1078bacb0@%3Cissues.commons.apache.org%3E"
            },
            {
              "name": "[commons-issues] 20190906 [jira] [Closed] (CONFIGURATION-755) [CVE-2014-0114] Update Apache Commons BeanUtils from 1.9.3 to 1.9.4.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/1f78f1e32cc5614ec0c5b822ba4bd7fc8e8b5c46c8e038b6bd609cb5@%3Cissues.commons.apache.org%3E"
            },
            {
              "name": "[commons-issues] 20190925 [GitHub] [commons-validator] jeff-schram opened a new pull request #18: Update pom.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/02094ad226dbc17a2368beaf27e61d8b1432f5baf77d0ca995bb78bc@%3Cissues.commons.apache.org%3E"
            },
            {
              "name": "[shiro-dev] 20191001 [jira] [Updated] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/d6ca9439c53374b597f33b7ec180001625597db48ea30356af01145f@%3Cdev.shiro.apache.org%3E"
            },
            {
              "name": "[shiro-dev] 20191001 [jira] [Created] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fiix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2fd61dc89df9aeab738d2b49f48d42c76f7d53b980ba04e1d48bce48@%3Cdev.shiro.apache.org%3E"
            },
            {
              "name": "[shiro-dev] 20191001 [jira] [Commented] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/c94bc9649d5109a663b2129371dc45753fbdeacd340105548bbe93c3@%3Cdev.shiro.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "[shiro-dev] 20191023 [jira] [Assigned] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5261066cd7adee081ee05c8bf0e96cf0b2eeaced391e19117ae4daa6@%3Cdev.shiro.apache.org%3E"
            },
            {
              "name": "[shiro-dev] 20191105 [jira] [Resolved] (SHIRO-723) Provide Minor Shiro Release that includes CVE-2019-10086 Fix",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a684107d3a78e431cf0fbb90629e8559a36ff8fe94c3a76e620b39fa@%3Cdev.shiro.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-bcad44b5d6",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4APPGLBWMFAS4WHNLR4LIJ65DJGPV7TF/"
            },
            {
              "name": "FEDORA-2019-79b5790566",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIUYSL2RSIWZVNSUIXJTIFPIPIF6OAIO/"
            },
            {
              "name": "RHSA-2019:4317",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4317"
            },
            {
              "name": "RHSA-2020:0057",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0057"
            },
            {
              "name": "RHSA-2020:0194",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0194"
            },
            {
              "name": "RHSA-2020:0806",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0806"
            },
            {
              "name": "RHSA-2020:0811",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0811"
            },
            {
              "name": "RHSA-2020:0804",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0804"
            },
            {
              "name": "RHSA-2020:0805",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0805"
            },
            {
              "name": "[brooklyn-dev] 20200420 [GitHub] [brooklyn-server] duncangrant opened a new pull request #1091: Update library versions due to CVEs",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r967953a14e05016bc4bcae9ef3dd92e770181158b4246976ed8295c9@%3Cdev.brooklyn.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "[atlas-dev] 20201022 [jira] [Created] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rae81e0c8ebdf47ffaa85a01240836bfece8a990c48f55c7933162b5c@%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "[atlas-dev] 20201022 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/reee57101464cf7622d640ae013b2162eb864f603ec4093de8240bb8f@%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "[atlas-dev] 20201023 Re: Review Request 72983: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r18d8b4f9263e5cad3bbaef0cdba0e2ccdf9201316ac4b85e23eb7ee4@%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "[atlas-dev] 20201023 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra87ac17410a62e813cba901fdd4e9a674dd53daaf714870f28e905f1@%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "[atlas-commits] 20201023 [atlas] 01/05: ATLAS-4002 : Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb8dac04cb7e9cc5dedee8dabaa1c92614f590642e5ebf02a145915ba@%3Ccommits.atlas.apache.org%3E"
            },
            {
              "name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6194ced4828deb32023cd314e31f41c61d388b58935d102c7de91f58@%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "[atlas-dev] 20201026 [jira] [Updated] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r306c0322aa5c0da731e03f3ce9f07f4745c052c6b73f4e78faf232ca@%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "[atlas-dev] 20201023 [jira] [Commented] (ATLAS-4002) Upgrade commons-beanutils to 1.9.4 due to CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/racd3e7b2149fa2f255f016bd6bffab0fea77b6fb81c50db9a17f78e6@%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "[rocketmq-dev] 20201223 [GitHub] [rocketmq] crazywen opened a new pull request #2515: Update pom.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r43de02fd4a4f52c4bdeff8c02f09625d83cd047498009c1cdab857db@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] lgcareer commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r513a7a21c422170318115463b399dd58ab447fe0990b13e5884f0825@%3Ccommits.dolphinscheduler.apache.org%3E"
            },
            {
              "name": "[dolphinscheduler-commits] 20210121 [GitHub] [incubator-dolphinscheduler] c-f-cooper commented on pull request #4525: [Improvement-4506][LICENSE] upgrade the version of the commons-beanutils",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra9a139fdc0999750dcd519e81384bc1fe3946f311b1796221205f51c@%3Ccommits.dolphinscheduler.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "[nifi-issues] 20210827 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcc029be4edaaf5b8bb85818aab494e16f312fced07a0f4a202771ba2@%3Cissues.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-issues] 20210827 [GitHub] [nifi] naddym opened a new pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r46e536fc98942dce99fadd2e313aeefe90c1a769c5cd85d98df9d098@%3Cissues.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-issues] 20210827 [jira] [Created] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rec74f3a94dd850259c730b4ba6f7b6211222b58900ec088754aa0534@%3Cissues.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-issues] 20210907 [GitHub] [nifi] MikeThomsen commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2d5f1d88c39bd615271abda63964a0bee9b2b57fef1f84cb4c43032e@%3Cissues.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20210907 [nifi] branch main updated: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086 NIFI-9170 Add two more 1.9.4 references to close out the few things identified by the Maven dependency plugin.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re2028d4d76ba1db3e3c3a722d6c6034e801cc3b309f69cc166eaa32b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-issues] 20210907 [GitHub] [nifi] asfgit closed pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra41fd0ad4b7e1d675c03a5081a16a6603085a4e37d30b866067566fe@%3Cissues.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-issues] 20210907 [jira] [Commented] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3cd7cb641d7fc6684e4fc3c336a8bad4a01434bb5625a06e3600fd1@%3Cissues.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-issues] 20210908 [GitHub] [nifi] naddym commented on pull request #5351: NIFI-9170 Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd2d2493f4f1af6980d265b8d84c857e2b7ab80a46e1423710c448957@%3Cissues.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-issues] 20210915 [jira] [Updated] (NIFI-9170) Upgrade commons-beanutils to 1.9.4 to mitigate CVE-2019-10086",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb1f76c2c0a4d6efb8a3523974f9d085d5838b73e7bffdf9a8f212997@%3Cissues.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2019-10086",
    "datePublished": "2019-08-20T20:10:15",
    "dateReserved": "2019-03-26T00:00:00",
    "dateUpdated": "2024-08-04T22:10:09.585Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-3712
Vulnerability from cvelistv5
Published
2021-08-24 14:50
Modified
2024-09-16 20:32
Severity ?
Summary
ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL's own "d2i" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the "data" and "length" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the "data" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y).
References
https://www.openssl.org/news/secadv/20210824.txt
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12
https://www.debian.org/security/2021/dsa-4963vendor-advisory
https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3Emailing-list
http://www.openwall.com/lists/oss-security/2021/08/26/2mailing-list
https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3Emailing-list
https://security.netapp.com/advisory/ntap-20210827-0010/
https://lists.debian.org/debian-lts-announce/2021/09/msg00014.htmlmailing-list
https://lists.debian.org/debian-lts-announce/2021/09/msg00021.htmlmailing-list
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.tenable.com/security/tns-2021-16
https://kc.mcafee.com/corporate/index?page=content&id=SB10366
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.tenable.com/security/tns-2022-02
https://www.oracle.com/security-alerts/cpuapr2022.html
https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf
https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf
https://security.gentoo.org/glsa/202209-02vendor-advisory
https://security.gentoo.org/glsa/202210-02vendor-advisory
https://security.netapp.com/advisory/ntap-20240621-0006/
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:08.180Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20210824.txt"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
          },
          {
            "name": "DSA-4963",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4963"
          },
          {
            "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
          },
          {
            "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
          },
          {
            "name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
          },
          {
            "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2022-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
          },
          {
            "name": "GLSA-202209-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-02"
          },
          {
            "name": "GLSA-202210-02",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202210-02"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k)"
            },
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ingo Schwarze"
        }
      ],
      "datePublic": "2021-08-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "ASN.1 strings are represented internally within OpenSSL as an ASN1_STRING structure which contains a buffer holding the string data and a field holding the buffer length. This contrasts with normal C strings which are repesented as a buffer for the string data which is terminated with a NUL (0) byte. Although not a strict requirement, ASN.1 strings that are parsed using OpenSSL\u0027s own \"d2i\" functions (and other similar parsing functions) as well as any string whose value has been set with the ASN1_STRING_set() function will additionally NUL terminate the byte array in the ASN1_STRING structure. However, it is possible for applications to directly construct valid ASN1_STRING structures which do not NUL terminate the byte array by directly setting the \"data\" and \"length\" fields in the ASN1_STRING array. This can also happen by using the ASN1_STRING_set0() function. Numerous OpenSSL functions that print ASN.1 data have been found to assume that the ASN1_STRING byte array will be NUL terminated, even though this is not guaranteed for strings that have been directly constructed. Where an application requests an ASN.1 structure to be printed, and where that ASN.1 structure contains ASN1_STRINGs that have been directly constructed by the application without NUL terminating the \"data\" field, then a read buffer overrun can occur. The same thing can also occur during name constraints processing of certificates (for example if a certificate has been directly constructed by the application instead of loading it via the OpenSSL parsing functions, and the certificate contains non NUL terminated ASN1_STRING structures). It can also occur in the X509_get1_email(), X509_REQ_get1_email() and X509_get1_ocsp() functions. If a malicious actor can cause an application to directly construct an ASN1_STRING and then process it through one of the affected OpenSSL functions then this issue could be hit. This might result in a crash (causing a Denial of Service attack). It could also result in the disclosure of private memory contents (such as private keys, or sensitive plaintext). Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). Fixed in OpenSSL 1.0.2za (Affected 1.0.2-1.0.2y)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Buffer overflow",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-06-21T19:07:21.902973",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "url": "https://www.openssl.org/news/secadv/20210824.txt"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=94d23fcff9b2a7a8368dfe52214d5c2569882c11"
        },
        {
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=ccb0a11145ee72b042d10593a64eaf9e8a55ec12"
        },
        {
          "name": "DSA-4963",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4963"
        },
        {
          "name": "[tomcat-dev] 20210825 OpenSSL security announcement - do we need a Tomcat Native release?",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r18995de860f0e63635f3008fd2a6aca82394249476d21691e7c59c9e%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210825 OpenSSL SM2 Decryption Buffer Overflow (CVE-2021-3711), Read buffer overruns processing ASN.1 strings (CVE-2021-3712)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/08/26/2"
        },
        {
          "name": "[tomcat-dev] 20210826 Re: OpenSSL security announcement - do we need a Tomcat Native release?",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rad5d9f83f0d11fb3f8bb148d179b8a9ad7c6a17f18d70e5805a713d1%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20210827-0010/"
        },
        {
          "name": "[debian-lts-announce] 20210926 [SECURITY] [DLA 2766-1] openssl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00014.html"
        },
        {
          "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2774-1] openssl1.0 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2021-16"
        },
        {
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2022-02"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-244969.pdf"
        },
        {
          "name": "GLSA-202209-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202209-02"
        },
        {
          "name": "GLSA-202210-02",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202210-02"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20240621-0006/"
        }
      ],
      "title": "Read buffer overruns processing ASN.1 strings"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2021-3712",
    "datePublished": "2021-08-24T14:50:14.704334Z",
    "dateReserved": "2021-08-16T00:00:00",
    "dateUpdated": "2024-09-16T20:32:42.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-22947
Vulnerability from cvelistv5
Published
2021-09-29 00:00
Modified
2024-08-03 18:58
Severity ?
Summary
When curl >= 7.20.0 and <= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker's injected data comes from the TLS-protected server.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:58:26.408Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1334763"
          },
          {
            "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2773-1] curl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
          },
          {
            "name": "FEDORA-2021-fc96a3a749",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "name": "FEDORA-2021-1d24845e93",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
          },
          {
            "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213183"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "DSA-5197",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5197"
          },
          {
            "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
          },
          {
            "name": "GLSA-202212-01",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202212-01"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "https://github.com/curl/curl",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "curl 7.20.0 to and including 7.78.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When curl \u003e= 7.20.0 and \u003c= 7.78.0 connects to an IMAP or POP3 server to retrieve data using STARTTLS to upgrade to TLS security, the server can respond and send back multiple responses at once that curl caches. curl would then upgrade to TLS but not flush the in-queue of cached responses but instead continue using and trustingthe responses it got *before* the TLS handshake as if they were authenticated.Using this flaw, it allows a Man-In-The-Middle attacker to first inject the fake responses, then pass-through the TLS traffic from the legitimate server and trick curl into sending data back to the user thinking the attacker\u0027s injected data comes from the TLS-protected server."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-310",
              "description": "Cryptographic Issues - Generic (CWE-310)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-12-19T00:00:00",
        "orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
        "shortName": "hackerone"
      },
      "references": [
        {
          "url": "https://hackerone.com/reports/1334763"
        },
        {
          "name": "[debian-lts-announce] 20210930 [SECURITY] [DLA 2773-1] curl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/09/msg00022.html"
        },
        {
          "name": "FEDORA-2021-fc96a3a749",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RWLEC6YVEM2HWUBX67SDGPSY4CQB72OE/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "name": "FEDORA-2021-1d24845e93",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APOAK4X73EJTAPTSVT7IRVDMUWVXNWGD/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20211029-0003/"
        },
        {
          "name": "20220314 APPLE-SA-2022-03-14-4 macOS Monterey 12.3",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Mar/29"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-389290.pdf"
        },
        {
          "url": "https://support.apple.com/kb/HT213183"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "DSA-5197",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5197"
        },
        {
          "name": "[debian-lts-announce] 20220828 [SECURITY] [DLA 3085-1] curl security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/08/msg00017.html"
        },
        {
          "name": "GLSA-202212-01",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202212-01"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1",
    "assignerShortName": "hackerone",
    "cveId": "CVE-2021-22947",
    "datePublished": "2021-09-29T00:00:00",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-03T18:58:26.408Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22965
Vulnerability from cvelistv5
Published
2022-04-01 22:17
Modified
2024-08-03 03:28
Severity ?
Summary
A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.725Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://www.kb.cert.org/vuls/id/970766"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2022-22965"
          },
          {
            "name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:46:59",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://tanzu.vmware.com/security/cve-2022-22965"
        },
        {
          "name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@vmware.com",
          "ID": "CVE-2022-22965",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Spring Framework versions 5.3.X prior to 5.3.18+, 5.2.x prior to 5.2.20+ and all old and unsupported versions"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Spring MVC or Spring WebFlux application running on JDK 9+ may be vulnerable to remote code execution (RCE) via data binding. The specific exploit requires the application to run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot executable jar, i.e. the default, it is not vulnerable to the exploit. However, the nature of the vulnerability is more general, and there may be other ways to exploit it."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://tanzu.vmware.com/security/cve-2022-22965",
              "refsource": "MISC",
              "url": "https://tanzu.vmware.com/security/cve-2022-22965"
            },
            {
              "name": "20220401 Vulnerability in Spring Framework Affecting Cisco Products: March 2022",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-java-spring-rce-Zx9GUc67"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0005"
            },
            {
              "name": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/166713/Spring4Shell-Code-Execution.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-254054.pdf"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/167011/Spring4Shell-Spring-Framework-Class-Property-Remote-Code-Execution.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22965",
    "datePublished": "2022-04-01T22:17:30",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.725Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-22947
Vulnerability from cvelistv5
Published
2022-03-03 00:00
Modified
2024-08-03 03:28
Severity ?
Summary
In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T03:28:42.449Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://tanzu.vmware.com/security/cve-2022-22947"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Cloud Gateway",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Spring cloud gateway versions 3.1.x prior to 3.1.1+, 3.0.x prior to 3.0.7+ and all old and unsupported versions"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In spring cloud gateway versions prior to 3.1.1+ and 3.0.7+ , applications are vulnerable to a code injection attack when the Gateway Actuator endpoint is enabled, exposed and unsecured. A remote attacker could make a maliciously crafted request that could allow arbitrary remote execution on the remote host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-17T00:00:00",
        "orgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
        "shortName": "vmware"
      },
      "references": [
        {
          "url": "https://tanzu.vmware.com/security/cve-2022-22947"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/166219/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/168742/Spring-Cloud-Gateway-3.1.0-Remote-Code-Execution.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dcf2e128-44bd-42ed-91e8-88f912c1401d",
    "assignerShortName": "vmware",
    "cveId": "CVE-2022-22947",
    "datePublished": "2022-03-03T00:00:00",
    "dateReserved": "2022-01-10T00:00:00",
    "dateUpdated": "2024-08-03T03:28:42.449Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-21409
Vulnerability from cvelistv5
Published
2021-03-30 15:05
Modified
2024-08-03 18:09
Summary
Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers & clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final.
References
https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32x_refsource_CONFIRM
https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpjx_refsource_MISC
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295x_refsource_MISC
https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432x_refsource_MISC
https://www.debian.org/security/2021/dsa-4885vendor-advisory, x_refsource_DEBIAN
https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20210604-0003/x_refsource_CONFIRM
https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:09:16.144Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
          },
          {
            "name": "DSA-4885",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4885"
          },
          {
            "name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
          },
          {
            "name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
          },
          {
            "name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
          },
          {
            "name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
          },
          {
            "name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
          },
          {
            "name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "netty",
          "vendor": "netty",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 4.1.61.Final"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:24:02",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
        },
        {
          "name": "DSA-4885",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4885"
        },
        {
          "name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898%40%3Cdev.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5%40%3Cissues.flink.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
        },
        {
          "name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc%40%3Cissues.kudu.apache.org%3E"
        },
        {
          "name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3%40%3Cissues.kudu.apache.org%3E"
        },
        {
          "name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b%40%3Cissues.kudu.apache.org%3E"
        },
        {
          "name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb%40%3Cissues.kudu.apache.org%3E"
        },
        {
          "name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d%40%3Cissues.kudu.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "source": {
        "advisory": "GHSA-f256-j965-7f32",
        "discovery": "UNKNOWN"
      },
      "title": "Possible request smuggling in HTTP/2 due missing validation of content-length",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-21409",
          "STATE": "PUBLIC",
          "TITLE": "Possible request smuggling in HTTP/2 due missing validation of content-length"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "netty",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 4.1.61.Final"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "netty"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Netty is an open-source, asynchronous event-driven network application framework for rapid development of maintainable high performance protocol servers \u0026 clients. In Netty (io.netty:netty-codec-http2) before version 4.1.61.Final there is a vulnerability that enables request smuggling. The content-length header is not correctly validated if the request only uses a single Http2HeaderFrame with the endStream set to to true. This could lead to request smuggling if the request is proxied to a remote peer and translated to HTTP/1.1. This is a followup of GHSA-wm47-8v5p-wjpj/CVE-2021-21295 which did miss to fix this one case. This was fixed as part of 4.1.61.Final."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32",
              "refsource": "CONFIRM",
              "url": "https://github.com/netty/netty/security/advisories/GHSA-f256-j965-7f32"
            },
            {
              "name": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj",
              "refsource": "MISC",
              "url": "https://github.com/netty/netty/security/advisories/GHSA-wm47-8v5p-wjpj"
            },
            {
              "name": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295",
              "refsource": "MISC",
              "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21295"
            },
            {
              "name": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432",
              "refsource": "MISC",
              "url": "https://github.com/netty/netty/commit/b0fa4d5aab4215f3c22ce6123dd8dd5f38dc0432"
            },
            {
              "name": "DSA-4885",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4885"
            },
            {
              "name": "[zookeeper-dev] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r70c3a7bfa904f06a1902f4df20ee26e4f09a46b8fd3eb304dc57a2de@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210407 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra66e93703e3f4bd31bdfd0b6fb0c32ae96b528259bb1aa2b6d38e401@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210407 [jira] [Created] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2732aa3884cacfecac4c54cfaa77c279ba815cad44b464a567216f83@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210408 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0ca82fec33334e571fe5b388272260778883e307e15415d7b1443de2@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210408 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r823d4b27fcba8dad5fe945bdefce3ca5a0031187966eb6ef3cc22ba9@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] ayushmantri opened a new pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r101f82d8f3b5af0bf79aecbd5b2dd3b404f6bb51d1a54c2c3d29bed9@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210408 [jira] [Updated] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf521ff2be2e2dd38984174d3451e6ee935c845948845c8fccd86371d@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] arshadmohammad commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5cbea8614812289a9b98d0cfc54b47f54cef424ac98d5e315b791795@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210408 [zookeeper] branch master updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd206d9dd7eb894cc089b37fe6edde2932de88d63a6d8368b44f5101@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210408 [jira] [Resolved] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rac8cf45a1bab9ead5c9a860cbadd6faaeb7792203617b6ec3874736d@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.6 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4a98827bb4a7edbd69ef862f2351391845697c40711820d10df52ca5@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210408 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r69efd8ef003f612c43e4154e788ca3b1f837feaacd16d97854402355@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210408 [jira] [Assigned] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4b8be87acf5b9c098a2ee350b5ca5716fe7afeaf0a21a4ee45a90687@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210408 [GitHub] [zookeeper] asfgit closed pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re4b0141939370304d676fe23774d0c6fbc584b648919825402d0cb39@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210408 [zookeeper] 01/02: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd5715f3ee5e3216d5e0083a07994f67da6dbb9731ce9e7a6389b18e@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210409 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b3cb056364794f919aaf26ceaf7423de64e7fdd05a914066e7d5219@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari opened a new pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf38e4dcdefc7c59f7ba0799a399d6d6e37b555d406a1dfc2fcbf0b35@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210419 [GitHub] [pulsar] lhotari commented on pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r61564d86a75403b854cdafee67fc69c8b88c5f6802c2c838f4282cc8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210420 [GitHub] [pulsar] eolivelli merged pull request #10266: [Security] Upgrade Netty to 4.1.63.Final to address CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7879ddcb990c835c6b246654770d836f9d031dee982be836744e50ed@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5baac01f9e06c40ff7aab209d5751b3b58802c63734e33324b70a06a@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-dev] 20210424 [jira] [Created] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra64d56a8a331ffd7bdcd24a9aaaeeedeacd5d639f5a683389123f898@%3Cdev.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210426 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd8f72411fb75b98d366400ae789966373b5c3eb3f511e717caf3e49e@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210426 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re7c69756a102bebce8b8681882844a53e2f23975a189363e68ad0324@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210506 [GitHub] [kafka] dongjinleekr opened a new pull request #10642: KAFKA-12756: Update Zookeeper to 3.6.3 or higher",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbde2f13daf4911504f0eaea43eee4f42555241b5f6d9d71564b6c5fa@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210511 [jira] [Commented] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r855b4b6814ac829ce2d48dd9d8138d07f33387e710de798ee92c011e@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210517 [jira] [Updated] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rafc77f9f03031297394f3d372ccea751b23576f8a2ae9b6b053894c5@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re39391adcb863f0e9f3f15e7986255948f263f02e4700b82453e7102@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20210517 [jira] [Created] (ZOOKEEPER-4295) Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re9e6ed60941da831675de2f8f733c026757fb4fa28a7b6c9f3dfb575@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210517 [GitHub] [zookeeper] gpiyush-dev opened a new pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re1911e05c08f3ec2bab85744d788773519a0afb27272a31ac2a0b4e8@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210521 [GitHub] [zookeeper] maoling commented on pull request #1696: ZOOKEEPER-4295: Upgrade Netty library to \u003e 4.1.60 due to security vulnerability CVE-2021-21409 in branch-3.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/redef0fb5474fd686781007de9ddb852b24f1b04131a248d9a4789183@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210610 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0b09f3e31e004fe583f677f7afa46bd30110904576c13c5ac818ac2c@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "[flink-issues] 20210618 [jira] [Updated] (FLINK-22441) In Flink v1.11.3 contains netty(version:3.10.6) netty(version:4.1.60) . There are many vulnerabilities, like CVE-2021-21409 etc. please confirm these version and fix. thx",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r602e98daacc98934f097f07f2eed6eb07c18bfc1949c8489dc7bfcf5@%3Cissues.flink.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210604-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210604-0003/"
            },
            {
              "name": "[zookeeper-issues] 20210727 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rba2a9ef1d0af882ab58fadb336a58818495245dda43d32a7d7837187@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210727 [jira] [Comment Edited] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raa413040db6d2197593cc03edecfd168732e697119e6447b0a25d525@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210727 [GitHub] [zookeeper] sandipbhattacharya commented on pull request #1678: ZOOKEEPER-4278: dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf148b2bf6c2754153a8629bc7495e216bd0bd4c915695486542a10b4@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[kudu-issues] 20210904 [jira] [Created] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd4a6b7dec38ea6cd28b6f94bd4b312629a52b80be3786d5fb0e474bc@%3Cissues.kudu.apache.org%3E"
            },
            {
              "name": "[kudu-issues] 20210904 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca0978b634a0c3ebee4126ec29c7f570b165fae3f8f3658754c1cbd3@%3Cissues.kudu.apache.org%3E"
            },
            {
              "name": "[kudu-issues] 20210907 [jira] [Resolved] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf934292a4a1c189827f625d567838d2c1001e4739b158638d844105b@%3Cissues.kudu.apache.org%3E"
            },
            {
              "name": "[kudu-issues] 20210907 [jira] [Commented] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra655e5cec74d1ddf62adacb71d398abd96f3ea2c588f6bbf048348eb@%3Cissues.kudu.apache.org%3E"
            },
            {
              "name": "[kudu-issues] 20210907 [jira] [Updated] (KUDU-3313) There is a CVE-2021-21409 vulnerability in netty version 4.1.60",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4ea2f1a9d79d4fc1896e085f31fb60a21b1770d0a26a5250f849372d@%3Cissues.kudu.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210922 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6dac9bd799ceac499c7a7e152a9b0dc7f2fe7f89ec5605d129bb047b@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210923 [jira] [Commented] (ZOOKEEPER-4278) dependency-check:check failing - netty-transport-4.1.60.Final CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r31044fb995e894749cb821c6fe56f487c16a97028e6e360e59f09d58@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5f2f120b2b8d099226473db1832ffb4d7c1d6dc2d228a164bf293a8e@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20210923 [jira] [Created] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcae42fba06979934208bbd515584b241d3ad01d1bb8b063512644362@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210923 [jira] [Assigned] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9ec78dc409f3f1edff88f21cab53737f36aad46f582a9825389092e0@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210923 [jira] [Updated] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7b54563abebe3dbbe421e1ba075c2030d8d460372f8c79b7789684b6@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210924 [jira] [Resolved] (ZOOKEEPER-4385) Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r967002f0939e69bdec58f070735a19dd57c1f2b8f817949ca17cddae@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210924 [zookeeper] branch branch-3.5 updated: ZOOKEEPER-4385. Backport ZOOKEEPER-4278 to branch-3.5 to Address CVE-2021-21409",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9fe840c36b74f92b8d4a089ada1f9fd1d6293742efa18b10e06b66d2@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "[pulsar-commits] 20211020 [GitHub] [pulsar] Shoothzj opened a new pull request #12437: [Security] Bump grpc to 1.41.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r584cf871f188c406d8bd447ff4e2fd9817fca862436c064d0951a071@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-f256-j965-7f32",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-21409",
    "datePublished": "2021-03-30T15:05:17",
    "dateReserved": "2020-12-22T00:00:00",
    "dateUpdated": "2024-08-03T18:09:16.144Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2022-24407
Vulnerability from cvelistv5
Published
2022-02-23 00:00
Modified
2024-08-03 04:13
Severity ?
Summary
In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:13:55.263Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28"
          },
          {
            "name": "[oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 \u0026 CVE-2019-19906]",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2022/02/23/4"
          },
          {
            "name": "DSA-5087",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5087"
          },
          {
            "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2931-1] cyrus-sasl2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html"
          },
          {
            "name": "FEDORA-2022-f9642fab70",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/"
          },
          {
            "name": "FEDORA-2022-8cc64f73d0",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/"
          },
          {
            "name": "FEDORA-2022-e33e824d37",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20221007-0003/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Cyrus SASL 2.1.17 through 2.1.27 before 2.1.28, plugins/sql.c does not escape the password for a SQL INSERT or UPDATE statement."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28"
        },
        {
          "name": "[oss-security] 20220223 Fwd: Cyrus-SASL 2.1.28 released [fixes CVE-2022-24407 \u0026 CVE-2019-19906]",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2022/02/23/4"
        },
        {
          "name": "DSA-5087",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5087"
        },
        {
          "name": "[debian-lts-announce] 20220306 [SECURITY] [DLA 2931-1] cyrus-sasl2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/03/msg00002.html"
        },
        {
          "name": "FEDORA-2022-f9642fab70",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZZC6BMPI3V3MC2IGNLN377ETUWO7QBIH/"
        },
        {
          "name": "FEDORA-2022-8cc64f73d0",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H26R4SMGM3WHXX4XYNNJB4YGFIL5UNF4/"
        },
        {
          "name": "FEDORA-2022-e33e824d37",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4FIXU75Q6RBNK6UYM7MQ3TCFGXR7AX4U/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://github.com/cyrusimap/cyrus-sasl/blob/fdcd13ceaef8de684dc69008011fa865c5b4a3ac/docsrc/sasl/release-notes/2.1/index.rst"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20221007-0003/"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2022-24407",
    "datePublished": "2022-02-23T00:00:00",
    "dateReserved": "2022-02-04T00:00:00",
    "dateUpdated": "2024-08-03T04:13:55.263Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36518
Vulnerability from cvelistv5
Published
2022-03-11 00:00
Modified
2024-08-04 17:30
Severity ?
Summary
jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects.
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:30:08.127Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2816"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
          },
          {
            "name": "DSA-5283",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2022/dsa-5283"
          },
          {
            "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jackson-databind before 2.13.0 allows a Java StackOverflow exception and denial of service via a large depth of nested objects."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-27T00:00:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://github.com/FasterXML/jackson-databind/issues/2816"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "[debian-lts-announce] 20220502 [SECURITY] [DLA 2990-1] jackson-databind security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/05/msg00001.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220506-0004/"
        },
        {
          "name": "DSA-5283",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2022/dsa-5283"
        },
        {
          "name": "[debian-lts-announce] 20221127 [SECURITY] [DLA 3207-1] jackson-databind security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2022/11/msg00035.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36518",
    "datePublished": "2022-03-11T00:00:00",
    "dateReserved": "2022-03-11T00:00:00",
    "dateUpdated": "2024-08-04T17:30:08.127Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-30129
Vulnerability from cvelistv5
Published
2021-07-12 12:10
Modified
2024-08-03 22:24
Severity ?
Summary
A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0
Impacted products
Vendor Product Version
Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:24:59.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E"
          },
          {
            "name": "[mina-users] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E"
          },
          {
            "name": "[announce] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/07/12/1"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Mina SSHD",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.7.0",
                  "status": "unaffected"
                }
              ],
              "lessThan": "Apache Mina SSHD*",
              "status": "affected",
              "version": "2.0.0",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "oom",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:27:35",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E"
        },
        {
          "name": "[mina-users] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E"
        },
        {
          "name": "[announce] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/07/12/1"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "source": {
        "defect": [
          "SSHD-1125"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "DoS/OOM leak vulnerability in Apache Mina SSHD Server",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-30129",
          "STATE": "PUBLIC",
          "TITLE": "DoS/OOM leak vulnerability in Apache Mina SSHD Server"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Mina SSHD",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_name": "Apache Mina SSHD",
                            "version_value": "2.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Apache Mina SSHD",
                            "version_value": "2.7.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in sshd-core of Apache Mina SSHD allows an attacker to overflow the server causing an OutOfMemory error. This issue affects the SFTP and port forwarding features of Apache Mina SSHD version 2.0.0 and later versions. It was addressed in Apache Mina SSHD 2.7.0"
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {}
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "oom"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f%40%3Cusers.mina.apache.org%3E"
            },
            {
              "name": "[mina-users] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6d4f78e192a0c8eabd671a018da464024642980ecd24096bde6db36f@%3Cusers.mina.apache.org%3E"
            },
            {
              "name": "[announce] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/red01829efa2a8c893c4baff4f23c9312bd938543a9b8658e172b853b@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210712 CVE-2021-30129: DoS/OOM leak vulnerability in Apache Mina SSHD Server",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/07/12/1"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "defect": [
            "SSHD-1125"
          ],
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-30129",
    "datePublished": "2021-07-12T12:10:10",
    "dateReserved": "2021-04-05T00:00:00",
    "dateUpdated": "2024-08-03T22:24:59.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}