All the vulnerabilites related to oracle - communications_diameter_signaling_router
Vulnerability from fkie_nvd
Published
2020-01-15 17:15
Modified
2024-11-21 05:25
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlVendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujan2021.htmlVendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlVendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujul2021.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2021.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
oracle access_manager 11.1.2.3.0
oracle coherence 3.7.1.0
oracle coherence 12.1.3.0.0
oracle coherence 12.2.1.3.0
oracle coherence 12.2.1.4.0
oracle commerce_platform *
oracle commerce_platform 11.0.0
oracle commerce_platform 11.1.0
oracle commerce_platform 11.2.0
oracle communications_diameter_signaling_router *
oracle healthcare_data_repository 7.0.1
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle retail_assortment_planning 15.0
oracle retail_assortment_planning 16.0
oracle utilities_framework *
oracle utilities_framework 4.2.0.2.0
oracle utilities_framework 4.2.0.3.0
oracle utilities_framework 4.4.0.0.0
oracle utilities_framework 4.4.0.2.0
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0


To clipboard 

{
  "cisaActionDue": "2022-05-03",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Oracle Multiple Products Remote Code Execution Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:access_manager:11.1.2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DEAFEDC-2D0F-4A5F-99A0-BD41DD6DC017",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:coherence:3.7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06EF2E5D-265E-44FE-9F99-7C5AC7B2C0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:coherence:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E3D6BC7-B12D-44A9-84F1-7B97F848B97A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:coherence:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "956B2712-8FB5-4FBF-A7FF-8930C05677FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F012E976-E219-46C2-8177-60ED859594BE",
              "versionEndIncluding": "11.3.2",
              "versionStartIncluding": "11.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:11.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4C83795-643C-41BC-803B-2CD8A076FEDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD4C5459-C573-49C8-A196-DAC66675DC8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BEF2FC-89B8-4D97-BB3A-C1ECA19D03B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "207005A4-D010-462E-82C8-F730D0443C7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
              "versionEndIncluding": "4.3.0.6.0",
              "versionStartIncluding": "4.3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Oracle Coherence de Oracle Fusion Middleware (componente: Caching, CacheStore, Invocation). Las versiones compatibles que se ven afectadas son 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 y 12.2.1.4.0. La vulnerabilidad f\u00e1cilmente explotable permite que un atacante no autenticado con acceso a la red a trav\u00e9s de T3 comprometa Oracle Coherence. Los ataques exitosos de esta vulnerabilidad pueden resultar en la adquisici\u00f3n de Oracle Coherence. Puntaje base CVSS 3.0 9.8 (Confidencialidad, integridad y impactos de disponibilidad). Vector CVSS: (CVSS: 3.0 / AV: N / AC: L / PR: N / UI: N / S: U / C: H / I: H / A: H)."
    }
  ],
  "id": "CVE-2020-2555",
  "lastModified": "2024-11-21T05:25:31.510",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-15T17:15:17.347",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-01-04 13:29
Modified
2024-11-21 03:28
Severity ?
5.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.htmlBroken Link
secure@intel.comhttp://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.htmlBroken Link
secure@intel.comhttp://nvidia.custhelp.com/app/answers/detail/a_id/4609Third Party Advisory
secure@intel.comhttp://nvidia.custhelp.com/app/answers/detail/a_id/4611Third Party Advisory
secure@intel.comhttp://nvidia.custhelp.com/app/answers/detail/a_id/4613Third Party Advisory
secure@intel.comhttp://nvidia.custhelp.com/app/answers/detail/a_id/4614Third Party Advisory
secure@intel.comhttp://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.htmlExploit, Third Party Advisory, VDB Entry
secure@intel.comhttp://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.htmlThird Party Advisory, VDB Entry
secure@intel.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txtThird Party Advisory
secure@intel.comhttp://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txtThird Party Advisory
secure@intel.comhttp://www.kb.cert.org/vuls/id/584653Third Party Advisory, US Government Resource
secure@intel.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlThird Party Advisory
secure@intel.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlThird Party Advisory
secure@intel.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlThird Party Advisory
secure@intel.comhttp://www.securityfocus.com/bid/102376Third Party Advisory, VDB Entry
secure@intel.comhttp://www.securitytracker.com/id/1040071Third Party Advisory, VDB Entry
secure@intel.comhttp://xenbits.xen.org/xsa/advisory-254.htmlThird Party Advisory
secure@intel.comhttps://access.redhat.com/errata/RHSA-2018:0292Third Party Advisory
secure@intel.comhttps://access.redhat.com/security/vulnerabilities/speculativeexecutionThird Party Advisory
secure@intel.comhttps://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/Third Party Advisory
secure@intel.comhttps://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/Third Party Advisory
secure@intel.comhttps://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfThird Party Advisory
secure@intel.comhttps://cert.vde.com/en-us/advisories/vde-2018-002Third Party Advisory
secure@intel.comhttps://cert.vde.com/en-us/advisories/vde-2018-003Third Party Advisory
secure@intel.comhttps://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerabilityThird Party Advisory
secure@intel.comhttps://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.htmlThird Party Advisory
secure@intel.comhttps://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+FixesThird Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2020/03/msg00025.htmlMailing List, Third Party Advisory
secure@intel.comhttps://lists.debian.org/debian-lts-announce/2021/08/msg00019.html
secure@intel.comhttps://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002Patch, Third Party Advisory, Vendor Advisory
secure@intel.comhttps://seclists.org/bugtraq/2019/Jun/36Issue Tracking, Mailing List, Third Party Advisory
secure@intel.comhttps://seclists.org/bugtraq/2019/Nov/16Issue Tracking, Mailing List, Third Party Advisory
secure@intel.comhttps://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-frVendor Advisory
secure@intel.comhttps://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.ascThird Party Advisory
secure@intel.comhttps://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.ascThird Party Advisory
secure@intel.comhttps://security.gentoo.org/glsa/201810-06Third Party Advisory
secure@intel.comhttps://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlThird Party Advisory
secure@intel.comhttps://security.netapp.com/advisory/ntap-20180104-0001/Third Party Advisory
secure@intel.comhttps://security.paloaltonetworks.com/CVE-2017-5715Third Party Advisory
secure@intel.comhttps://spectreattack.com/Third Party Advisory
secure@intel.comhttps://support.citrix.com/article/CTX231399Third Party Advisory
secure@intel.comhttps://support.f5.com/csp/article/K91229003Third Party Advisory
secure@intel.comhttps://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_usThird Party Advisory
secure@intel.comhttps://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_usThird Party Advisory
secure@intel.comhttps://support.lenovo.com/us/en/solutions/LEN-18282Third Party Advisory
secure@intel.comhttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannelThird Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3531-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3531-3/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3540-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3541-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3542-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3549-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3560-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3561-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3580-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3581-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3581-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3582-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3582-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3594-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3597-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3597-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3620-2/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3690-1/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/3777-3/Third Party Advisory
secure@intel.comhttps://usn.ubuntu.com/usn/usn-3516-1/Third Party Advisory
secure@intel.comhttps://www.debian.org/security/2018/dsa-4120Third Party Advisory
secure@intel.comhttps://www.debian.org/security/2018/dsa-4187Third Party Advisory
secure@intel.comhttps://www.debian.org/security/2018/dsa-4188Third Party Advisory
secure@intel.comhttps://www.debian.org/security/2018/dsa-4213Third Party Advisory
secure@intel.comhttps://www.exploit-db.com/exploits/43427/Exploit, Third Party Advisory, VDB Entry
secure@intel.comhttps://www.kb.cert.org/vuls/id/180049Third Party Advisory, US Government Resource
secure@intel.comhttps://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001Third Party Advisory
secure@intel.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlThird Party Advisory
secure@intel.comhttps://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/Third Party Advisory
secure@intel.comhttps://www.synology.com/support/security/Synology_SA_18_01Third Party Advisory
secure@intel.comhttps://www.vmware.com/security/advisories/VMSA-2018-0007.htmlThird Party Advisory
secure@intel.comhttps://www.vmware.com/us/security/advisories/VMSA-2018-0002.htmlThird Party Advisory
secure@intel.comhttps://www.vmware.com/us/security/advisories/VMSA-2018-0004.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.htmlBroken Link
af854a3a-2127-422b-91ae-364da2661108http://nvidia.custhelp.com/app/answers/detail/a_id/4609Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://nvidia.custhelp.com/app/answers/detail/a_id/4611Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://nvidia.custhelp.com/app/answers/detail/a_id/4613Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://nvidia.custhelp.com/app/answers/detail/a_id/4614Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txtThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.kb.cert.org/vuls/id/584653Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/102376Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040071Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://xenbits.xen.org/xsa/advisory-254.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0292Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/security/vulnerabilities/speculativeexecutionThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2018-002Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert.vde.com/en-us/advisories/vde-2018-003Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerabilityThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+FixesThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html
af854a3a-2127-422b-91ae-364da2661108https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002Patch, Third Party Advisory, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jun/36Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Nov/16Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-frVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.ascThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201810-06Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180104-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.paloaltonetworks.com/CVE-2017-5715Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://spectreattack.com/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.citrix.com/article/CTX231399Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K91229003Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_usThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/us/en/solutions/LEN-18282Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannelThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3531-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3531-3/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3540-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3541-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3542-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3549-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3560-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3561-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3580-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3581-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3581-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3582-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3582-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3594-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3597-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3597-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3620-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3690-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3777-3/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/usn/usn-3516-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4120Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4187Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4188Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4213Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/43427/Exploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/180049Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/support/security/Synology_SA_18_01Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.vmware.com/security/advisories/VMSA-2018-0007.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.vmware.com/us/security/advisories/VMSA-2018-0002.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.vmware.com/us/security/advisories/VMSA-2018-0004.htmlThird Party Advisory
Impacted products
Vendor Product Version
intel atom_c c2308
intel atom_c c2316
intel atom_c c2338
intel atom_c c2350
intel atom_c c2358
intel atom_c c2508
intel atom_c c2516
intel atom_c c2518
intel atom_c c2530
intel atom_c c2538
intel atom_c c2550
intel atom_c c2558
intel atom_c c2718
intel atom_c c2730
intel atom_c c2738
intel atom_c c2750
intel atom_c c2758
intel atom_c c3308
intel atom_c c3338
intel atom_c c3508
intel atom_c c3538
intel atom_c c3558
intel atom_c c3708
intel atom_c c3750
intel atom_c c3758
intel atom_c c3808
intel atom_c c3830
intel atom_c c3850
intel atom_c c3858
intel atom_c c3950
intel atom_c c3955
intel atom_c c3958
intel atom_e e3805
intel atom_e e3815
intel atom_e e3825
intel atom_e e3826
intel atom_e e3827
intel atom_e e3845
intel atom_x3 c3130
intel atom_x3 c3200rk
intel atom_x3 c3205rk
intel atom_x3 c3230rk
intel atom_x3 c3235rk
intel atom_x3 c3265rk
intel atom_x3 c3295rk
intel atom_x3 c3405
intel atom_x3 c3445
intel atom_x5-e3930 -
intel atom_x5-e3940 -
intel atom_x7-e3950 -
intel atom_z z2420
intel atom_z z2460
intel atom_z z2480
intel atom_z z2520
intel atom_z z2560
intel atom_z z2580
intel atom_z z2760
intel atom_z z3460
intel atom_z z3480
intel atom_z z3530
intel atom_z z3560
intel atom_z z3570
intel atom_z z3580
intel atom_z z3590
intel atom_z z3735d
intel atom_z z3735e
intel atom_z z3735f
intel atom_z z3735g
intel atom_z z3736f
intel atom_z z3736g
intel atom_z z3740
intel atom_z z3740d
intel atom_z z3745
intel atom_z z3745d
intel atom_z z3770
intel atom_z z3770d
intel atom_z z3775
intel atom_z z3775d
intel atom_z z3785
intel atom_z z3795
intel celeron_j j1750
intel celeron_j j1800
intel celeron_j j1850
intel celeron_j j1900
intel celeron_j j3060
intel celeron_j j3160
intel celeron_j j3355
intel celeron_j j3455
intel celeron_j j4005
intel celeron_j j4105
intel celeron_n n2805
intel celeron_n n2806
intel celeron_n n2807
intel celeron_n n2808
intel celeron_n n2810
intel celeron_n n2815
intel celeron_n n2820
intel celeron_n n2830
intel celeron_n n2840
intel celeron_n n2910
intel celeron_n n2920
intel celeron_n n2930
intel celeron_n n2940
intel celeron_n n3000
intel celeron_n n3010
intel celeron_n n3050
intel celeron_n n3060
intel celeron_n n3150
intel celeron_n n3160
intel celeron_n n3350
intel celeron_n n3450
intel celeron_n n4000
intel celeron_n n4100
intel core_i3 330e
intel core_i3 330m
intel core_i3 330um
intel core_i3 350m
intel core_i3 370m
intel core_i3 380m
intel core_i3 380um
intel core_i3 390m
intel core_i3 530
intel core_i3 540
intel core_i3 550
intel core_i3 560
intel core_i3 2100
intel core_i3 2100t
intel core_i3 2102
intel core_i3 2105
intel core_i3 2115c
intel core_i3 2120
intel core_i3 2120t
intel core_i3 2125
intel core_i3 2130
intel core_i3 2310e
intel core_i3 2310m
intel core_i3 2312m
intel core_i3 2328m
intel core_i3 2330e
intel core_i3 2330m
intel core_i3 2340ue
intel core_i3 2348m
intel core_i3 2350m
intel core_i3 2357m
intel core_i3 2365m
intel core_i3 2367m
intel core_i3 2370m
intel core_i3 2375m
intel core_i3 2377m
intel core_i3 3110m
intel core_i3 3115c
intel core_i3 3120m
intel core_i3 3120me
intel core_i3 3130m
intel core_i3 3210
intel core_i3 3217u
intel core_i3 3217ue
intel core_i3 3220
intel core_i3 3220t
intel core_i3 3225
intel core_i3 3227u
intel core_i3 3229y
intel core_i3 3240
intel core_i3 3240t
intel core_i3 3245
intel core_i3 3250
intel core_i3 3250t
intel core_i3 4000m
intel core_i3 4005u
intel core_i3 4010u
intel core_i3 4010y
intel core_i3 4012y
intel core_i3 4020y
intel core_i3 4025u
intel core_i3 4030u
intel core_i3 4030y
intel core_i3 4100e
intel core_i3 4100m
intel core_i3 4100u
intel core_i3 4102e
intel core_i3 4110e
intel core_i3 4110m
intel core_i3 4112e
intel core_i3 4120u
intel core_i3 4130
intel core_i3 4130t
intel core_i3 4150
intel core_i3 4150t
intel core_i3 4158u
intel core_i3 4160
intel core_i3 4160t
intel core_i3 4170
intel core_i3 4170t
intel core_i3 4330
intel core_i3 4330t
intel core_i3 4330te
intel core_i3 4340
intel core_i3 4340te
intel core_i3 4350
intel core_i3 4350t
intel core_i3 4360
intel core_i3 4360t
intel core_i3 4370
intel core_i3 4370t
intel core_i3 5005u
intel core_i3 5010u
intel core_i3 5015u
intel core_i3 5020u
intel core_i3 5157u
intel core_i3 6006u
intel core_i3 6098p
intel core_i3 6100
intel core_i3 6100e
intel core_i3 6100h
intel core_i3 6100t
intel core_i3 6100te
intel core_i3 6100u
intel core_i3 6102e
intel core_i3 6157u
intel core_i3 6167u
intel core_i3 6300
intel core_i3 6300t
intel core_i3 6320
intel core_i3 8100
intel core_i3 8350k
intel core_i5 430m
intel core_i5 430um
intel core_i5 450m
intel core_i5 460m
intel core_i5 470um
intel core_i5 480m
intel core_i5 520e
intel core_i5 520m
intel core_i5 520um
intel core_i5 540m
intel core_i5 540um
intel core_i5 560m
intel core_i5 560um
intel core_i5 580m
intel core_i5 650
intel core_i5 655k
intel core_i5 660
intel core_i5 661
intel core_i5 670
intel core_i5 680
intel core_i5 750
intel core_i5 750s
intel core_i5 760
intel core_i5 2300
intel core_i5 2310
intel core_i5 2320
intel core_i5 2380p
intel core_i5 2390t
intel core_i5 2400
intel core_i5 2400s
intel core_i5 2405s
intel core_i5 2410m
intel core_i5 2430m
intel core_i5 2435m
intel core_i5 2450m
intel core_i5 2450p
intel core_i5 2467m
intel core_i5 2500
intel core_i5 2500k
intel core_i5 2500s
intel core_i5 2500t
intel core_i5 2510e
intel core_i5 2515e
intel core_i5 2520m
intel core_i5 2537m
intel core_i5 2540m
intel core_i5 2550k
intel core_i5 2557m
intel core_i5 3210m
intel core_i5 3230m
intel core_i5 3317u
intel core_i5 3320m
intel core_i5 3330
intel core_i5 3330s
intel core_i5 3337u
intel core_i5 3339y
intel core_i5 3340
intel core_i5 3340m
intel core_i5 3340s
intel core_i5 3350p
intel core_i5 3360m
intel core_i5 3380m
intel core_i5 3427u
intel core_i5 3437u
intel core_i5 3439y
intel core_i5 3450
intel core_i5 3450s
intel core_i5 3470
intel core_i5 3470s
intel core_i5 3470t
intel core_i5 3475s
intel core_i5 3550
intel core_i5 3550s
intel core_i5 3570
intel core_i5 3570k
intel core_i5 3570s
intel core_i5 3570t
intel core_i5 3610me
intel core_i5 4200h
intel core_i5 4200m
intel core_i5 4200u
intel core_i5 4200y
intel core_i5 4202y
intel core_i5 4210h
intel core_i5 4210m
intel core_i5 4210u
intel core_i5 4210y
intel core_i5 4220y
intel core_i5 4250u
intel core_i5 4258u
intel core_i5 4260u
intel core_i5 4278u
intel core_i5 4288u
intel core_i5 4300m
intel core_i5 4300u
intel core_i5 4300y
intel core_i5 4302y
intel core_i5 4308u
intel core_i5 4310m
intel core_i5 4310u
intel core_i5 4330m
intel core_i5 4340m
intel core_i5 4350u
intel core_i5 4360u
intel core_i5 4400e
intel core_i5 4402e
intel core_i5 4402ec
intel core_i5 4410e
intel core_i5 4422e
intel core_i5 4430
intel core_i5 4430s
intel core_i5 4440
intel core_i5 4440s
intel core_i5 4460
intel core_i5 4460s
intel core_i5 4460t
intel core_i5 4570
intel core_i5 4570r
intel core_i5 4570s
intel core_i5 4570t
intel core_i5 4570te
intel core_i5 4590
intel core_i5 4590s
intel core_i5 4590t
intel core_i5 4670
intel core_i5 4670k
intel core_i5 4670r
intel core_i5 4670s
intel core_i5 4670t
intel core_i5 4690
intel core_i5 4690k
intel core_i5 4690s
intel core_i5 4690t
intel core_i5 5200u
intel core_i5 5250u
intel core_i5 5257u
intel core_i5 5287u
intel core_i5 5300u
intel core_i5 5350h
intel core_i5 5350u
intel core_i5 5575r
intel core_i5 5675c
intel core_i5 5675r
intel core_i5 6200u
intel core_i5 6260u
intel core_i5 6267u
intel core_i5 6287u
intel core_i5 6300hq
intel core_i5 6300u
intel core_i5 6350hq
intel core_i5 6360u
intel core_i5 6400
intel core_i5 6400t
intel core_i5 6402p
intel core_i5 6440eq
intel core_i5 6440hq
intel core_i5 6442eq
intel core_i5 6500
intel core_i5 6500t
intel core_i5 6500te
intel core_i5 6585r
intel core_i5 6600
intel core_i5 6600k
intel core_i5 6600t
intel core_i5 6685r
intel core_i5 8250u
intel core_i5 8350u
intel core_i5 8400
intel core_i5 8600k
intel core_i7 7y75
intel core_i7 610e
intel core_i7 620le
intel core_i7 620lm
intel core_i7 620m
intel core_i7 620ue
intel core_i7 620um
intel core_i7 640lm
intel core_i7 640m
intel core_i7 640um
intel core_i7 660lm
intel core_i7 660ue
intel core_i7 660um
intel core_i7 680um
intel core_i7 720qm
intel core_i7 740qm
intel core_i7 820qm
intel core_i7 840qm
intel core_i7 860
intel core_i7 860s
intel core_i7 870
intel core_i7 870s
intel core_i7 875k
intel core_i7 880
intel core_i7 920
intel core_i7 920xm
intel core_i7 930
intel core_i7 940
intel core_i7 940xm
intel core_i7 950
intel core_i7 960
intel core_i7 965
intel core_i7 970
intel core_i7 975
intel core_i7 980
intel core_i7 980x
intel core_i7 990x
intel core_i7 2600
intel core_i7 2600k
intel core_i7 2600s
intel core_i7 2610ue
intel core_i7 2617m
intel core_i7 2620m
intel core_i7 2629m
intel core_i7 2630qm
intel core_i7 2635qm
intel core_i7 2637m
intel core_i7 2640m
intel core_i7 2649m
intel core_i7 2655le
intel core_i7 2657m
intel core_i7 2670qm
intel core_i7 2675qm
intel core_i7 2677m
intel core_i7 2700k
intel core_i7 2710qe
intel core_i7 2715qe
intel core_i7 2720qm
intel core_i7 2760qm
intel core_i7 2820qm
intel core_i7 2860qm
intel core_i7 2920xm
intel core_i7 2960xm
intel core_i7 3517u
intel core_i7 3517ue
intel core_i7 3520m
intel core_i7 3537u
intel core_i7 3540m
intel core_i7 3555le
intel core_i7 3610qe
intel core_i7 3610qm
intel core_i7 3612qe
intel core_i7 3612qm
intel core_i7 3615qe
intel core_i7 3615qm
intel core_i7 3630qm
intel core_i7 3632qm
intel core_i7 3635qm
intel core_i7 3667u
intel core_i7 3687u
intel core_i7 3689y
intel core_i7 3720qm
intel core_i7 3740qm
intel core_i7 3770
intel core_i7 3770k
intel core_i7 3770s
intel core_i7 3770t
intel core_i7 3820qm
intel core_i7 3840qm
intel core_i7 4500u
intel core_i7 4510u
intel core_i7 4550u
intel core_i7 4558u
intel core_i7 4578u
intel core_i7 4600m
intel core_i7 4600u
intel core_i7 4610m
intel core_i7 4610y
intel core_i7 4650u
intel core_i7 4700ec
intel core_i7 4700eq
intel core_i7 4700hq
intel core_i7 4700mq
intel core_i7 4702ec
intel core_i7 4702hq
intel core_i7 4702mq
intel core_i7 4710hq
intel core_i7 4710mq
intel core_i7 4712hq
intel core_i7 4712mq
intel core_i7 4720hq
intel core_i7 4722hq
intel core_i7 4750hq
intel core_i7 4760hq
intel core_i7 4765t
intel core_i7 4770
intel core_i7 4770hq
intel core_i7 4770k
intel core_i7 4770r
intel core_i7 4770s
intel core_i7 4770t
intel core_i7 4770te
intel core_i7 4771
intel core_i7 4785t
intel core_i7 4790
intel core_i7 4790k
intel core_i7 4790s
intel core_i7 4790t
intel core_i7 4800mq
intel core_i7 4810mq
intel core_i7 4850hq
intel core_i7 4860hq
intel core_i7 4870hq
intel core_i7 4900mq
intel core_i7 4910mq
intel core_i7 4950hq
intel core_i7 4960hq
intel core_i7 4980hq
intel core_i7 5500u
intel core_i7 5550u
intel core_i7 5557u
intel core_i7 5600u
intel core_i7 5650u
intel core_i7 5700eq
intel core_i7 5700hq
intel core_i7 5750hq
intel core_i7 5775c
intel core_i7 5775r
intel core_i7 5850eq
intel core_i7 5850hq
intel core_i7 5950hq
intel core_i7 7500u
intel core_i7 7560u
intel core_i7 7567u
intel core_i7 7600u
intel core_i7 7660u
intel core_i7 7700
intel core_i7 7700hq
intel core_i7 7700k
intel core_i7 7700t
intel core_i7 7820eq
intel core_i7 7820hk
intel core_i7 7820hq
intel core_i7 7920hq
intel core_i7 8550u
intel core_i7 8650u
intel core_i7 8700
intel core_i7 8700k
intel core_m 5y10
intel core_m 5y10a
intel core_m 5y10c
intel core_m 5y31
intel core_m 5y51
intel core_m 5y70
intel core_m 5y71
intel core_m3 6y30
intel core_m3 7y30
intel core_m3 7y32
intel core_m5 6y54
intel core_m5 6y57
intel core_m7 6y75
intel pentium_j j2850
intel pentium_j j2900
intel pentium_j j3710
intel pentium_j j4205
intel pentium_n n3510
intel pentium_n n3520
intel pentium_n n3530
intel pentium_n n3540
intel pentium_n n3700
intel pentium_n n3710
intel pentium_n n4200
intel xeon e5502
intel xeon e5503
intel xeon e5504
intel xeon e5506
intel xeon e5507
intel xeon e5520
intel xeon e5530
intel xeon e5540
intel xeon e5603
intel xeon e5606
intel xeon e5607
intel xeon e5620
intel xeon e5630
intel xeon e5640
intel xeon e5645
intel xeon e5649
intel xeon e6510
intel xeon e6540
intel xeon e7520
intel xeon e7530
intel xeon e7540
intel xeon ec5509
intel xeon ec5539
intel xeon ec5549
intel xeon l3406
intel xeon l3426
intel xeon l5506
intel xeon l5508
intel xeon l5518
intel xeon l5520
intel xeon l5530
intel xeon l5609
intel xeon l5618
intel xeon l5630
intel xeon l5638
intel xeon l5640
intel xeon l7545
intel xeon l7555
intel xeon lc5518
intel xeon lc5528
intel xeon w3670
intel xeon w3680
intel xeon w3690
intel xeon w5580
intel xeon w5590
intel xeon x3430
intel xeon x3440
intel xeon x3450
intel xeon x3460
intel xeon x3470
intel xeon x3480
intel xeon x5550
intel xeon x5560
intel xeon x5570
intel xeon x5647
intel xeon x5650
intel xeon x5660
intel xeon x5667
intel xeon x5670
intel xeon x5672
intel xeon x5675
intel xeon x5677
intel xeon x5680
intel xeon x5687
intel xeon x5690
intel xeon x6550
intel xeon x7542
intel xeon x7550
intel xeon x7560
intel xeon_bronze_3104 -
intel xeon_bronze_3106 -
intel xeon_e-1105c -
intel xeon_e3 1505m_v6
intel xeon_e3 1515m_v5
intel xeon_e3 1535m_v5
intel xeon_e3 1535m_v6
intel xeon_e3 1545m_v5
intel xeon_e3 1558l_v5
intel xeon_e3 1565l_v5
intel xeon_e3 1575m_v5
intel xeon_e3 1578l_v5
intel xeon_e3 1585_v5
intel xeon_e3 1585l_v5
intel xeon_e3_1105c_v2 -
intel xeon_e3_1125c -
intel xeon_e3_1125c_v2 -
intel xeon_e3_1220 -
intel xeon_e3_1220_v2 -
intel xeon_e3_1220_v3 -
intel xeon_e3_1220_v5 -
intel xeon_e3_1220_v6 -
intel xeon_e3_12201 -
intel xeon_e3_12201_v2 -
intel xeon_e3_1220l_v3 -
intel xeon_e3_1225 -
intel xeon_e3_1225_v2 -
intel xeon_e3_1225_v3 -
intel xeon_e3_1225_v5 -
intel xeon_e3_1225_v6 -
intel xeon_e3_1226_v3 -
intel xeon_e3_1230 -
intel xeon_e3_1230_v2 -
intel xeon_e3_1230_v3 -
intel xeon_e3_1230_v5 -
intel xeon_e3_1230_v6 -
intel xeon_e3_1230l_v3 -
intel xeon_e3_1231_v3 -
intel xeon_e3_1235 -
intel xeon_e3_1235l_v5 -
intel xeon_e3_1240 -
intel xeon_e3_1240_v2 -
intel xeon_e3_1240_v3 -
intel xeon_e3_1240_v5 -
intel xeon_e3_1240_v6 -
intel xeon_e3_1240l_v3 -
intel xeon_e3_1240l_v5 -
intel xeon_e3_1241_v3 -
intel xeon_e3_1245 -
intel xeon_e3_1245_v2 -
intel xeon_e3_1245_v3 -
intel xeon_e3_1245_v5 -
intel xeon_e3_1245_v6 -
intel xeon_e3_1246_v3 -
intel xeon_e3_1258l_v4 -
intel xeon_e3_1260l -
intel xeon_e3_1260l_v5 -
intel xeon_e3_1265l_v2 -
intel xeon_e3_1265l_v3 -
intel xeon_e3_1265l_v4 -
intel xeon_e3_1268l_v3 -
intel xeon_e3_1268l_v5 -
intel xeon_e3_1270 -
intel xeon_e3_1270_v2 -
intel xeon_e3_1270_v3 -
intel xeon_e3_1270_v5 -
intel xeon_e3_1270_v6 -
intel xeon_e3_1271_v3 -
intel xeon_e3_1275 -
intel xeon_e3_1275_v2 -
intel xeon_e3_1275_v3 -
intel xeon_e3_1275_v5 -
intel xeon_e3_1275_v6 -
intel xeon_e3_1275l_v3 -
intel xeon_e3_1276_v3 -
intel xeon_e3_1278l_v4 -
intel xeon_e3_1280 -
intel xeon_e3_1280_v2 -
intel xeon_e3_1280_v3 -
intel xeon_e3_1280_v5 -
intel xeon_e3_1280_v6 -
intel xeon_e3_1281_v3 -
intel xeon_e3_1285_v3 -
intel xeon_e3_1285_v4 -
intel xeon_e3_1285_v6 -
intel xeon_e3_1285l_v3 -
intel xeon_e3_1285l_v4 -
intel xeon_e3_1286_v3 -
intel xeon_e3_1286l_v3 -
intel xeon_e3_1290 -
intel xeon_e3_1290_v2 -
intel xeon_e3_1501l_v6 -
intel xeon_e3_1501m_v6 -
intel xeon_e3_1505l_v5 -
intel xeon_e3_1505l_v6 -
intel xeon_e3_1505m_v5 -
intel xeon_e5 2650l_v4
intel xeon_e5 2658
intel xeon_e5 2658_v2
intel xeon_e5 2658_v3
intel xeon_e5 2658_v4
intel xeon_e5 2658a_v3
intel xeon_e5 2660
intel xeon_e5 2660_v2
intel xeon_e5 2660_v3
intel xeon_e5 2660_v4
intel xeon_e5 2665
intel xeon_e5 2667
intel xeon_e5 2667_v2
intel xeon_e5 2667_v3
intel xeon_e5 2667_v4
intel xeon_e5 2670
intel xeon_e5 2670_v2
intel xeon_e5 2670_v3
intel xeon_e5 2680
intel xeon_e5 2680_v2
intel xeon_e5 2680_v3
intel xeon_e5 2680_v4
intel xeon_e5 2683_v3
intel xeon_e5 2683_v4
intel xeon_e5 2687w
intel xeon_e5 2687w_v2
intel xeon_e5 2687w_v3
intel xeon_e5 2687w_v4
intel xeon_e5 2690
intel xeon_e5 2690_v2
intel xeon_e5 2690_v3
intel xeon_e5 2690_v4
intel xeon_e5 2695_v2
intel xeon_e5 2695_v3
intel xeon_e5 2695_v4
intel xeon_e5 2697_v2
intel xeon_e5 2697_v3
intel xeon_e5 2697_v4
intel xeon_e5 2697a_v4
intel xeon_e5 2698_v3
intel xeon_e5 2698_v4
intel xeon_e5 2699_v3
intel xeon_e5 2699_v4
intel xeon_e5 2699a_v4
intel xeon_e5 2699r_v4
intel xeon_e5 4603
intel xeon_e5 4603_v2
intel xeon_e5 4607
intel xeon_e5 4607_v2
intel xeon_e5 4610
intel xeon_e5 4610_v2
intel xeon_e5 4610_v3
intel xeon_e5 4610_v4
intel xeon_e5 4617
intel xeon_e5 4620
intel xeon_e5 4620_v2
intel xeon_e5 4620_v3
intel xeon_e5 4620_v4
intel xeon_e5 4624l_v2
intel xeon_e5 4627_v2
intel xeon_e5 4627_v3
intel xeon_e5 4627_v4
intel xeon_e5 4628l_v4
intel xeon_e5 4640
intel xeon_e5 4640_v2
intel xeon_e5 4640_v3
intel xeon_e5 4640_v4
intel xeon_e5 4648_v3
intel xeon_e5 4650
intel xeon_e5 4650_v2
intel xeon_e5 4650_v3
intel xeon_e5 4650_v4
intel xeon_e5 4650l
intel xeon_e5 4655_v3
intel xeon_e5 4655_v4
intel xeon_e5 4657l_v2
intel xeon_e5 4660_v3
intel xeon_e5 4660_v4
intel xeon_e5 4667_v3
intel xeon_e5 4667_v4
intel xeon_e5 4669_v3
intel xeon_e5 4669_v4
intel xeon_e5_1428l -
intel xeon_e5_1428l_v2 -
intel xeon_e5_1428l_v3 -
intel xeon_e5_1620 -
intel xeon_e5_1620_v2 -
intel xeon_e5_1620_v3 -
intel xeon_e5_1620_v4 -
intel xeon_e5_1630_v3 -
intel xeon_e5_1630_v4 -
intel xeon_e5_1650 -
intel xeon_e5_1650_v2 -
intel xeon_e5_1650_v3 -
intel xeon_e5_1650_v4 -
intel xeon_e5_1660 -
intel xeon_e5_1660_v2 -
intel xeon_e5_1660_v3 -
intel xeon_e5_1660_v4 -
intel xeon_e5_1680_v3 -
intel xeon_e5_1680_v4 -
intel xeon_e5_2403 -
intel xeon_e5_2403_v2 -
intel xeon_e5_2407 -
intel xeon_e5_2407_v2 -
intel xeon_e5_2408l_v3 -
intel xeon_e5_2418l -
intel xeon_e5_2418l_v2 -
intel xeon_e5_2418l_v3 -
intel xeon_e5_2420 -
intel xeon_e5_2420_v2 -
intel xeon_e5_2428l -
intel xeon_e5_2428l_v2 -
intel xeon_e5_2428l_v3 -
intel xeon_e5_2430 -
intel xeon_e5_2430_v2 -
intel xeon_e5_2430l -
intel xeon_e5_2430l_v2 -
intel xeon_e5_2438l_v3 -
intel xeon_e5_2440 -
intel xeon_e5_2440_v2 -
intel xeon_e5_2448l -
intel xeon_e5_2448l_v2 -
intel xeon_e5_2450 -
intel xeon_e5_2450_v2 -
intel xeon_e5_2450l -
intel xeon_e5_2450l_v2 -
intel xeon_e5_2470 -
intel xeon_e5_2470_v2 -
intel xeon_e5_2603 -
intel xeon_e5_2603_v2 -
intel xeon_e5_2603_v3 -
intel xeon_e5_2603_v4 -
intel xeon_e5_2608l_v3 -
intel xeon_e5_2608l_v4 -
intel xeon_e5_2609 -
intel xeon_e5_2609_v2 -
intel xeon_e5_2609_v3 -
intel xeon_e5_2609_v4 -
intel xeon_e5_2618l_v2 -
intel xeon_e5_2618l_v3 -
intel xeon_e5_2618l_v4 -
intel xeon_e5_2620 -
intel xeon_e5_2620_v2 -
intel xeon_e5_2620_v3 -
intel xeon_e5_2620_v4 -
intel xeon_e5_2623_v3 -
intel xeon_e5_2623_v4 -
intel xeon_e5_2628l_v2 -
intel xeon_e5_2628l_v3 -
intel xeon_e5_2628l_v4 -
intel xeon_e5_2630 -
intel xeon_e5_2630_v2 -
intel xeon_e5_2630_v3 -
intel xeon_e5_2630_v4 -
intel xeon_e5_2630l -
intel xeon_e5_2630l_v2 -
intel xeon_e5_2630l_v3 -
intel xeon_e5_2630l_v4 -
intel xeon_e5_2637 -
intel xeon_e5_2637_v2 -
intel xeon_e5_2637_v3 -
intel xeon_e5_2637_v4 -
intel xeon_e5_2640 -
intel xeon_e5_2640_v2 -
intel xeon_e5_2640_v3 -
intel xeon_e5_2640_v4 -
intel xeon_e5_2643 -
intel xeon_e5_2643_v2 -
intel xeon_e5_2643_v3 -
intel xeon_e5_2643_v4 -
intel xeon_e5_2648l -
intel xeon_e5_2648l_v2 -
intel xeon_e5_2648l_v3 -
intel xeon_e5_2648l_v4 -
intel xeon_e5_2650 -
intel xeon_e5_2650_v2 -
intel xeon_e5_2650_v3 -
intel xeon_e5_2650_v4 -
intel xeon_e5_2650l -
intel xeon_e5_2650l_v2 -
intel xeon_e5_2650l_v3 -
intel xeon_e7 2803
intel xeon_e7 2820
intel xeon_e7 2830
intel xeon_e7 2850
intel xeon_e7 2850_v2
intel xeon_e7 2860
intel xeon_e7 2870
intel xeon_e7 2870_v2
intel xeon_e7 2880_v2
intel xeon_e7 2890_v2
intel xeon_e7 4807
intel xeon_e7 4809_v2
intel xeon_e7 4809_v3
intel xeon_e7 4809_v4
intel xeon_e7 4820
intel xeon_e7 4820_v2
intel xeon_e7 4820_v3
intel xeon_e7 4820_v4
intel xeon_e7 4830
intel xeon_e7 4830_v2
intel xeon_e7 4830_v3
intel xeon_e7 4830_v4
intel xeon_e7 4850
intel xeon_e7 4850_v2
intel xeon_e7 4850_v3
intel xeon_e7 4850_v4
intel xeon_e7 4860
intel xeon_e7 4860_v2
intel xeon_e7 4870
intel xeon_e7 4870_v2
intel xeon_e7 4880_v2
intel xeon_e7 4890_v2
intel xeon_e7 8830
intel xeon_e7 8837
intel xeon_e7 8850
intel xeon_e7 8850_v2
intel xeon_e7 8857_v2
intel xeon_e7 8860
intel xeon_e7 8860_v3
intel xeon_e7 8860_v4
intel xeon_e7 8867_v3
intel xeon_e7 8867_v4
intel xeon_e7 8867l
intel xeon_e7 8870
intel xeon_e7 8870_v2
intel xeon_e7 8870_v3
intel xeon_e7 8870_v4
intel xeon_e7 8880_v2
intel xeon_e7 8880_v3
intel xeon_e7 8880_v4
intel xeon_e7 8880l_v2
intel xeon_e7 8880l_v3
intel xeon_e7 8890_v2
intel xeon_e7 8890_v3
intel xeon_e7 8890_v4
intel xeon_e7 8891_v2
intel xeon_e7 8891_v3
intel xeon_e7 8891_v4
intel xeon_e7 8893_v2
intel xeon_e7 8893_v3
intel xeon_e7 8893_v4
intel xeon_e7 8894_v4
intel xeon_gold 5115
intel xeon_gold 5118
intel xeon_gold 5119t
intel xeon_gold 5120
intel xeon_gold 5120t
intel xeon_gold 5122
intel xeon_gold 6126
intel xeon_gold 6126f
intel xeon_gold 6126t
intel xeon_gold 6128
intel xeon_gold 6130
intel xeon_gold 6130f
intel xeon_gold 6130t
intel xeon_gold 6132
intel xeon_gold 6134
intel xeon_gold 6134m
intel xeon_gold 6136
intel xeon_gold 6138
intel xeon_gold 6138f
intel xeon_gold 6138t
intel xeon_gold 6140
intel xeon_gold 6140m
intel xeon_gold 6142
intel xeon_gold 6142f
intel xeon_gold 6142m
intel xeon_gold 6144
intel xeon_gold 6146
intel xeon_gold 6148
intel xeon_gold 6148f
intel xeon_gold 6150
intel xeon_gold 6152
intel xeon_gold 6154
intel xeon_phi 7210
intel xeon_phi 7210f
intel xeon_phi 7230
intel xeon_phi 7230f
intel xeon_phi 7235
intel xeon_phi 7250
intel xeon_phi 7250f
intel xeon_phi 7285
intel xeon_phi 7290
intel xeon_phi 7290f
intel xeon_phi 7295
intel xeon_platinum 8153
intel xeon_platinum 8156
intel xeon_platinum 8158
intel xeon_platinum 8160
intel xeon_platinum 8160f
intel xeon_platinum 8160m
intel xeon_platinum 8160t
intel xeon_platinum 8164
intel xeon_platinum 8168
intel xeon_platinum 8170
intel xeon_platinum 8170m
intel xeon_platinum 8176
intel xeon_platinum 8176f
intel xeon_platinum 8176m
intel xeon_platinum 8180
intel xeon_silver 4108
intel xeon_silver 4109t
intel xeon_silver 4110
intel xeon_silver 4112
intel xeon_silver 4114
intel xeon_silver 4114t
intel xeon_silver 4116
intel xeon_silver 4116t
arm cortex-a 9
arm cortex-a 15
arm cortex-a 17
arm cortex-a 57
arm cortex-a 72
arm cortex-a 73
arm cortex-a 75
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.04
canonical ubuntu_linux 17.10
canonical ubuntu_linux 18.04
netapp hci_management_node -
netapp solidfire -
netapp hci_compute_node -
siemens simatic_winac_rtx_\(f\)_firmware 2010
siemens simatic_winac_rtx_\(f\)_firmware 2010
siemens simatic_winac_rtx_\(f\)_firmware 2010
siemens simatic_winac_rtx_\(f\)_2010 -
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.3
oracle vm_virtualbox *
oracle vm_virtualbox *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2308:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD028C10-FD07-4206-A732-CCAC1B6D043D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2316:*:*:*:*:*:*:*",
              "matchCriteriaId": "704FAA50-1B7D-4917-AC4A-4C58785340F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2338:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C6B95D3-75BD-4826-BFBE-9701CC0FF052",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2350:*:*:*:*:*:*:*",
              "matchCriteriaId": "F66E31A6-EA01-40C8-8718-CE2C1F45EEB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2358:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBBE3B05-2063-49DE-A1D3-9D0A62E0CF5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2508:*:*:*:*:*:*:*",
              "matchCriteriaId": "022F2CBE-EFB1-4962-AC91-D25AAB057DAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2516:*:*:*:*:*:*:*",
              "matchCriteriaId": "69C05CD9-551B-46EE-85F8-D18FF878FE8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2518:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DCCB5A5-20E3-4EC5-956C-EA7C0F33A026",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2530:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C38C609-242E-4923-A81F-DAFBE7B6A927",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2538:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AEB08B5-7CBA-479A-A41B-FD8A6D9E0875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2550:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8C4FDD7-F2EC-4EDB-ACC9-3D6B9152C855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2558:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E51DD0B-1EED-4BE9-B0A7-BE2E91CCA84C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2718:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7AC7C56-2205-4121-99E2-001A7488E0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2730:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1677313-FF8F-493B-9DA3-C78F87581A17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2738:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B2A3CCE-FA57-43B5-B7DE-CFD0CC2ECD7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2750:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CA4444-5103-4451-8A7C-F6BBE714BBB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c2758:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA1EB745-46D7-4088-93C6-E7156520B144",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3308:*:*:*:*:*:*:*",
              "matchCriteriaId": "A93010C0-33B3-438F-94F6-8DA7A9D7B451",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3338:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A988A78-6B3D-4599-A85C-42B4A294D86D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3508:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7C5EF4-3A92-4AF7-9B11-62B4FFDC5128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3538:*:*:*:*:*:*:*",
              "matchCriteriaId": "246AA1B0-B6C8-406B-817D-26113DC63858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3558:*:*:*:*:*:*:*",
              "matchCriteriaId": "00EE5B42-FF05-447C-BACC-0E650E773E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3708:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0779CC9-BD39-4E0B-B523-A6C69F9EBB0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3750:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F0E3C4-7E9B-435F-907E-4BF4F12AF314",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3758:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D616C72-0863-478C-9E87-3963C83B87E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3808:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC333B0D-3A0E-4629-8016-68C060343874",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3830:*:*:*:*:*:*:*",
              "matchCriteriaId": "6655535C-FF64-4F9E-8168-253AABCC4F5D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3850:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1EDEA1E-9A19-4B3F-806E-D770D1AB4C73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3858:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD68F3F-7E38-40B9-A20B-B9BB45E8D042",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3950:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EACEF19-83BC-4579-9274-BE367F914432",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3955:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CC73291-AA6F-40B0-860A-1F2E6AB1E2AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_c:c3958:*:*:*:*:*:*:*",
              "matchCriteriaId": "24128A7F-2B0B-4923-BA9E-9F5093D29423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3805:*:*:*:*:*:*:*",
              "matchCriteriaId": "0990DD71-9E83-499D-9DAF-A466CF896CFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3815:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7FEDEF-9772-4FB1-9261-020487A795AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3825:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE7B0F72-DEDF-40C4-887C-83725C52C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3826:*:*:*:*:*:*:*",
              "matchCriteriaId": "9568C222-9816-4520-B01C-C1DC2A79002D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3827:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B2F8FAD-1688-4369-BB4B-9FA9F30A80A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_e:e3845:*:*:*:*:*:*:*",
              "matchCriteriaId": "53A1F23D-7226-4479-B51F-36376CC80B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3130:*:*:*:*:*:*:*",
              "matchCriteriaId": "BAB245C8-9918-41A0-9DFB-A11E4185C87A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3200rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "9990DD08-BD81-4BFA-B3D4-0DECBF8CCC54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3205rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "F752A3C8-18ED-4765-B6EC-C664154EB701",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3230rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4F31C3F-7C0D-4D95-B4B9-89FD38076913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3235rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BEEE36E-E735-4A33-80B7-9407D072F6BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3265rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CB3D3DE-21BE-40C7-A510-AC97C92390DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3295rk:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9A9545-38A3-460D-AB1A-8B03BEB405A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3405:*:*:*:*:*:*:*",
              "matchCriteriaId": "1860D932-777D-41F2-94A2-D14AB1494AA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x3:c3445:*:*:*:*:*:*:*",
              "matchCriteriaId": "75165A10-2FD5-4370-814C-B60FDE339AFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x5-e3930:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "454AC633-5F1C-47BB-8FA7-91A5C29A1DD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x5-e3940:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2394E8C-58D9-480B-87A7-A41CD7697FC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_x7-e3950:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B9AC02B-D3AE-4FAF-836E-55515186A462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2420:*:*:*:*:*:*:*",
              "matchCriteriaId": "65AAC7A7-77CA-4C6C-BD96-92A253512F09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2460:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCD16C07-0050-495A-8722-7AC46F5920F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2480:*:*:*:*:*:*:*",
              "matchCriteriaId": "01423706-C82C-4457-9638-1A2380DE3826",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2520:*:*:*:*:*:*:*",
              "matchCriteriaId": "A881E2D3-A668-465F-862B-F8C145BD5E8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2560:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5B9B98-0EF0-4ACD-B378-F9DE5AB36CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2580:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BDC6806-E4FC-4A6E-A6BB-88C18E47ABFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z2760:*:*:*:*:*:*:*",
              "matchCriteriaId": "6602DD69-E59A-417D-B19F-CA16B01E652C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3460:*:*:*:*:*:*:*",
              "matchCriteriaId": "05C493EE-EF9F-47E2-8F88-86DF6C5F1FF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3480:*:*:*:*:*:*:*",
              "matchCriteriaId": "40010DAE-DD1A-4A81-B6E9-EDC1B0DDCAB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3530:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED96AC16-12CC-43F6-ACC8-009A06CDD8F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3560:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE9DC29-C192-4553-AF29-D39290976F47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3570:*:*:*:*:*:*:*",
              "matchCriteriaId": "F625E647-B47E-404C-9C5B-72F3EB1C46F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3580:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3AF3279-89E7-4C91-8C5F-5AD5937CD0C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3590:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5878612-9825-4737-85A5-8227BA97CBA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735d:*:*:*:*:*:*:*",
              "matchCriteriaId": "F453D348-28CE-402B-9D40-A29436A24ECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735e:*:*:*:*:*:*:*",
              "matchCriteriaId": "36322F4B-83D7-468A-BB34-1C03729E9BF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735f:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AD22811-C3C6-4B5E-98D5-D3F2240E6C8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3735g:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C7D0BA-8F07-42AD-8BB9-C65472BE41C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3736f:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A2A50E-94FA-44E9-A45D-3016750CFBDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3736g:*:*:*:*:*:*:*",
              "matchCriteriaId": "5625CAD8-4A62-4747-B6D9-90E56F09B731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3740:*:*:*:*:*:*:*",
              "matchCriteriaId": "43A234CE-D6AA-4A32-8425-1A4DDA0F6B6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3740d:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DE1A01-3AEF-41E6-97EE-CB93429C4A1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3745:*:*:*:*:*:*:*",
              "matchCriteriaId": "410184AF-B932-4AC9-984F-73FD58BB4CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3745d:*:*:*:*:*:*:*",
              "matchCriteriaId": "B265F073-9E0A-4CA0-8296-AB52DEB1C323",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3770:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F664223-1CBC-4D8A-921B-F03AACA6672B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3770d:*:*:*:*:*:*:*",
              "matchCriteriaId": "987A8470-08BA-45DE-8EC0-CD2B4451EECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3775:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BBC9542-FB77-4769-BF67-D42829703920",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3775d:*:*:*:*:*:*:*",
              "matchCriteriaId": "74FDC18B-4662-422E-A86A-48FE821C056F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3785:*:*:*:*:*:*:*",
              "matchCriteriaId": "CAB4AA2C-D1D9-44D8-9471-66EBDE9DC66D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:atom_z:z3795:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBA3E7AE-CB74-48A8-A2B8-9FCADB6E40D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j1750:*:*:*:*:*:*:*",
              "matchCriteriaId": "78E4461B-72F8-4F3D-A405-4AFA99EC8A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j1800:*:*:*:*:*:*:*",
              "matchCriteriaId": "663DDC1C-E48A-4E84-A6CC-B46FC45D6A6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j1850:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CEEC75B-10CE-4B7E-BA5F-6D661EC07FFF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j1900:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAEDED56-9387-4DAC-BF52-C32ECCB7D407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3060:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA13F31C-BBD9-48C7-8499-92D0B5CA8CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3160:*:*:*:*:*:*:*",
              "matchCriteriaId": "E57A9B28-734B-401D-B24C-A295F364D8E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3355:*:*:*:*:*:*:*",
              "matchCriteriaId": "F02289DF-4A02-4602-89B7-E9148236EE1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j3455:*:*:*:*:*:*:*",
              "matchCriteriaId": "723E7155-493D-4B5A-99E2-AB261838190E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j4005:*:*:*:*:*:*:*",
              "matchCriteriaId": "82E37264-E4BA-4D9D-92E7-56DE6B5F918F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_j:j4105:*:*:*:*:*:*:*",
              "matchCriteriaId": "8704BE6D-2857-4328-9298-E0273376F2CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2805:*:*:*:*:*:*:*",
              "matchCriteriaId": "731F1E65-1D53-443B-8E2F-8AF11191AFA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2806:*:*:*:*:*:*:*",
              "matchCriteriaId": "02A83822-822D-4A4D-B29B-A5BE6367A7DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2807:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8C32738-F08E-469C-8DE0-2708F30574A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2808:*:*:*:*:*:*:*",
              "matchCriteriaId": "B292187E-8EAD-49D2-B469-B14CA0656035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2810:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D131E1-24C1-48CF-B3DD-46B09A718FB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2815:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ABF1231-73CF-4D1B-860C-E76CD26A645E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2820:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7F88E38-4EC4-41DB-A59D-800997440C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2830:*:*:*:*:*:*:*",
              "matchCriteriaId": "32FD6647-4101-4B36-9A9A-F70C29997148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2840:*:*:*:*:*:*:*",
              "matchCriteriaId": "D248D668-A895-43B3-ADEF-1B22EE7DC76E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2910:*:*:*:*:*:*:*",
              "matchCriteriaId": "858411B5-E904-45FA-8B33-5CC73B915B22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2920:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BB9336C-C893-4AB0-9402-868CE9960058",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2930:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4695F94-7AAE-4219-9EF6-CE6D0838192D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n2940:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD7A0991-73F0-410D-855C-BFC88A66E61F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3000:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAF5CF9A-B3F2-4686-B933-7DB13AD2CF35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3010:*:*:*:*:*:*:*",
              "matchCriteriaId": "9858EAC3-C1CE-449B-A605-FFA337DA825D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3050:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7A8F905-A4C6-4EC6-B9E8-800948350B89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3060:*:*:*:*:*:*:*",
              "matchCriteriaId": "565B48E3-1406-4E3C-B4A5-35865C5614E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3150:*:*:*:*:*:*:*",
              "matchCriteriaId": "46B6C4D7-B0A2-4DF1-B8DE-19C806D5FABB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3160:*:*:*:*:*:*:*",
              "matchCriteriaId": "8AB82A90-C0BC-4BA8-88CA-4967BC3A4A7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3350:*:*:*:*:*:*:*",
              "matchCriteriaId": "191A094B-E354-4767-AD43-87CE140BF851",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1289B9E-5725-42EF-8848-F545421A29E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n4000:*:*:*:*:*:*:*",
              "matchCriteriaId": "238A21CB-F8C5-468B-B523-6D014E2EA8AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:celeron_n:n4100:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC52CDD-614D-4EA0-8DA8-D71189C42E8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:330e:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4229DB2-8BBC-49F8-87A8-2E7D56EFD310",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:330m:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEBA7322-4D95-4E70-B6A5-E0D8F1B5D7EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:330um:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E91F46-D950-4894-BACF-05A70C7C6F7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:350m:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E12B40B-5221-48A6-B2A6-D44CD5636BB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:370m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BCB77C9-ABE3-44A0-B377-7D7035E8A11F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:380m:*:*:*:*:*:*:*",
              "matchCriteriaId": "D06639F5-5EE8-44F4-B48A-5694383154DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:380um:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD9662C9-59D3-4B3E-A4DA-4F1EE16FC94B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:390m:*:*:*:*:*:*:*",
              "matchCriteriaId": "637C3687-FBCC-41A0-BFE6-823BAE45FB92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:530:*:*:*:*:*:*:*",
              "matchCriteriaId": "2350A197-193F-4B22-80E8-3275C97C78EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:540:*:*:*:*:*:*:*",
              "matchCriteriaId": "734C7A7E-ACCA-4B34-BF38-0FAED988CC6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:550:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D9ABAFC-B3B5-449D-A48E-2E978563EDE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:560:*:*:*:*:*:*:*",
              "matchCriteriaId": "99019EA0-6576-4CE7-B60A-975D418AA917",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2100:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E846AEF-751D-40AD-84B5-EFDC9CF23E2F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2100t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9DD909-B2AC-46BA-B057-D239D0773CAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2102:*:*:*:*:*:*:*",
              "matchCriteriaId": "54F5C355-FDFC-4E71-93AA-218389EF10E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2105:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A1CA1E-971D-4F67-864E-2E772C1E736B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2115c:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B5F8391-D974-49AC-8550-ADB3FA6C0535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2120:*:*:*:*:*:*:*",
              "matchCriteriaId": "8302BF58-9E54-40DA-BCFE-59CA52C460D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2120t:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECCDE9EF-037B-4650-8131-4D57BE141277",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2125:*:*:*:*:*:*:*",
              "matchCriteriaId": "47BA9DA8-F690-4E3C-AEF6-6A5C7BAA6F19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2130:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8253DA-9A04-40D6-84C1-C682B4023D4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2310e:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAF6D175-85C3-4C72-AD9F-31B47EF43154",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2310m:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A5FC594-2092-4240-9538-235BBE236DD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2312m:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D95F00-EA89-4FDE-991C-56636B8E0331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2328m:*:*:*:*:*:*:*",
              "matchCriteriaId": "32C40D38-F7F2-4A48-ADAA-6A8BBD6A1A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2330e:*:*:*:*:*:*:*",
              "matchCriteriaId": "4158561F-8270-42D1-91D8-E063CE7F5505",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2330m:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF0DEA96-0202-41EB-BDC3-24E2FC4415B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2340ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8BACE1C-5D66-4FBC-8F86-30215A623A94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2348m:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF707146-0D64-4F3A-AE22-956EA1CB32B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2350m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8118C3F9-0853-4E87-9E65-86E1398B2780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2357m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A298501-C4D7-48D4-90F9-15AFA59DED48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2365m:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEE1B07B-3D92-4D2D-8667-D902F002277F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2367m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F05CB19-1059-4C4D-BFD7-9F51A22A4F97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2370m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5588732F-7F1A-4C24-B35F-30532107FFDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2375m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A127DD5D-426D-4F24-A8C5-DC9DAC94B91C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:2377m:*:*:*:*:*:*:*",
              "matchCriteriaId": "26EE0BBD-3982-4B0F-82F6-D58E077C75DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3110m:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAEEC918-EA25-4B38-B5C3-85899D3EBE6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3115c:*:*:*:*:*:*:*",
              "matchCriteriaId": "813965F4-3BDA-4478-8E6A-0FD52723B764",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3120m:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5EA2F4-F3EF-4305-B1A1-92F636ED688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3120me:*:*:*:*:*:*:*",
              "matchCriteriaId": "04384319-EE8C-45B4-8BDD-414502E7C02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3130m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C52528CE-4F31-4E5F-8255-E576B20F3043",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3210:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C3F422-F865-4160-AA24-1DAFAE63729C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3217u:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D034E7F-4D17-49D7-BDB2-90CB4C709B30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3217ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C18E6B4-E947-403B-80FB-7095420D482B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3220:*:*:*:*:*:*:*",
              "matchCriteriaId": "2814CC9F-E027-4C5A-93AF-84EA445E6C12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3220t:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A470C3-AAAA-4A6E-B738-FEB69DB78B9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3225:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1236944-4942-40E4-9BA1-029FEAE94BBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3227u:*:*:*:*:*:*:*",
              "matchCriteriaId": "086CAB4B-A10A-4165-BC33-33CADCD23C0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3229y:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1A6A1EB-B3AB-4CB4-827E-CCAAD783F8E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3240:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAFB6B30-BFB0-4397-9E16-37D1A772E639",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3240t:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFCB9D7B-7D0A-435D-8499-C16BE09E19FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3245:*:*:*:*:*:*:*",
              "matchCriteriaId": "64277594-9713-436B-8056-542CFA9F4CFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3250:*:*:*:*:*:*:*",
              "matchCriteriaId": "589BB170-7CBA-4F28-99E3-9242B62E2918",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:3250t:*:*:*:*:*:*:*",
              "matchCriteriaId": "91B9C4D9-DA09-4377-9DCD-225857BD9FA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4000m:*:*:*:*:*:*:*",
              "matchCriteriaId": "03D0265F-840B-45A1-90BD-9ED8846A9F63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4005u:*:*:*:*:*:*:*",
              "matchCriteriaId": "74BAC0EC-2B38-4553-A399-4BD5483C4753",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4010u:*:*:*:*:*:*:*",
              "matchCriteriaId": "4477EBA6-F0A7-452B-96E8-BA788370CCA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4010y:*:*:*:*:*:*:*",
              "matchCriteriaId": "1285D817-B5B8-4940-925D-FCDD24810AE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4012y:*:*:*:*:*:*:*",
              "matchCriteriaId": "D289F7B4-27CD-4433-BB45-06AF98A59B7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4020y:*:*:*:*:*:*:*",
              "matchCriteriaId": "00168903-6012-4414-87D1-2EE52AA6D78E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4025u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AE8D524-577E-4994-8A4B-D15022C84D7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4030u:*:*:*:*:*:*:*",
              "matchCriteriaId": "75977B0B-C44D-43BC-8D7A-AF966CDB1901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4030y:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE7F5D52-9F41-49A4-B941-E0D777203FF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4100e:*:*:*:*:*:*:*",
              "matchCriteriaId": "52B5B3FD-5BEA-4DE8-B010-55FED1547167",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4100m:*:*:*:*:*:*:*",
              "matchCriteriaId": "167B1B04-5823-4038-A019-3975A3B447C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4100u:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6C7A4EA-0B5E-47CD-8924-3B1B60EB4BE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4102e:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BA096E0-5480-47CB-822B-D11D7E20F69F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4110e:*:*:*:*:*:*:*",
              "matchCriteriaId": "30357469-0B8F-4385-A282-2F50181EA442",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4110m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE70772-7796-4594-880A-6AAD046E4D8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4112e:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A9E2F8D-2974-4833-9EC2-233CEE257C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4120u:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EE3078-454F-48F8-B201-3847DB40D5C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4130:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE32C500-55C2-41A7-8621-14EBF793BF11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4130t:*:*:*:*:*:*:*",
              "matchCriteriaId": "52D3DF52-501A-4656-98F1-8DD51D04F31F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4150:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EA603AD-6CF1-44B2-876D-6F1C0B7EF2C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4150t:*:*:*:*:*:*:*",
              "matchCriteriaId": "09578301-CF39-4C24-951A-535743E277EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4158u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F4D14AA-7DBF-4B73-BDEF-6248EF5C0F7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4160:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A65F303-96C8-4884-8D6F-F439B86BA30C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4160t:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E046105-9DF5-425F-A97E-16081D54613C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4170:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2987BCF-39E6-49B6-8DEE-963A38F12B07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4170t:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AEDE2B7-9AA2-4A14-8A02-9A2BFF0DDCBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4330:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AD92AD8-033A-4AAD-91E5-CB446CCE9732",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4330t:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E0E73A-F1B4-4E70-B9F1-EE97785B8891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4330te:*:*:*:*:*:*:*",
              "matchCriteriaId": "61D6E3CC-79B1-4995-9A76-41683C7F254A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4340:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9CEB2B1-BD1A-4B89-8E03-4F90F04A0F0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4340te:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FE5773D-3CD1-4E63-8983-E0105C46D185",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4350:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A7C307A-6576-4A0A-8F4E-0981C9EE2901",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4350t:*:*:*:*:*:*:*",
              "matchCriteriaId": "18B3A53B-902C-46A5-8CE7-B55102703278",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4360:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB843479-729A-4E58-8027-0FC586F051AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4360t:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF5A233-1E77-49FD-AC2C-60D185481E28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4370:*:*:*:*:*:*:*",
              "matchCriteriaId": "18519CF2-B0DA-42DD-8A3E-9084298C210A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:4370t:*:*:*:*:*:*:*",
              "matchCriteriaId": "329D5FCF-7EC5-4471-906B-3619A180BD52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5005u:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DD43EAA-F3A5-4748-9187-A6E6707ACD11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5010u:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6F3C14D-4BFC-4205-8781-95E6B28C83C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5015u:*:*:*:*:*:*:*",
              "matchCriteriaId": "20942AD8-ADB7-4A50-BDBE-DB36249F4F52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5020u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC6ED02-134B-4322-AB72-75A0AB22701E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:5157u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA74EEE-54CC-4F80-B1D3-99F7771335ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6006u:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B859F7-0373-4ADD-92B3-0FAB42FCF23C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6098p:*:*:*:*:*:*:*",
              "matchCriteriaId": "AAC76F31-00A5-4719-AA50-92F773919B3C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100:*:*:*:*:*:*:*",
              "matchCriteriaId": "49996F5A-51B2-4D4E-AE04-E98E093A76CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100e:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F8406B0-D1E5-4633-B17E-53DC99FE7622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100h:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D49435C-7C33-454B-9F43-9C10F28A28A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100t:*:*:*:*:*:*:*",
              "matchCriteriaId": "D17E1A0F-1150-4899-81BC-BE84E4EF5FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100te:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADD98AE-BAB0-440D-AB9F-2D76BE5109E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6100u:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED44A404-8548-4EDC-8928-4094D05A6A38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6102e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A6E4AA3-BEBC-4B14-9A52-A8F8B2954D64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6157u:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2AAD8F0-0D31-4806-8A88-A30E5BE43630",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6167u:*:*:*:*:*:*:*",
              "matchCriteriaId": "8164EE5F-6ABA-4365-8718-2F98C2E57A0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6300:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7110AF9-A407-4EE2-9C46-E5F1E3638E9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6300t:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A06696D-37F0-427D-BFC5-1606E7441C31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:6320:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F8A5FC-5EFE-42EC-A49B-D3A312FB5F6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:8100:*:*:*:*:*:*:*",
              "matchCriteriaId": "68A76015-0A05-4EC7-B136-DC13B55D881F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i3:8350k:*:*:*:*:*:*:*",
              "matchCriteriaId": "C352DCE8-E8D9-40D3-AFE9-B5FB84F7ED33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:430m:*:*:*:*:*:*:*",
              "matchCriteriaId": "54464F6C-9B2D-46BA-AC44-506389F3EE0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:430um:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FA11017-EA58-45EE-8408-FCCCF7183643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:450m:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A5098A5-E4E8-47E4-8CD0-F607FF0C0C90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:460m:*:*:*:*:*:*:*",
              "matchCriteriaId": "442AD778-D56F-4C30-BBF8-749D6AAC4737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:470um:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF7D3F31-AF4D-4C50-8590-A763AAC7AF07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:480m:*:*:*:*:*:*:*",
              "matchCriteriaId": "445BFC2E-38FA-4130-8550-0866EC4EDA33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:520e:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DC2746-CE41-40C9-8CFA-23231BBCAE77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:520m:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3A8976-5E4D-490A-A87D-A47D1B2B903C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:520um:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8535E6-220E-4747-8992-45B6EAFC555C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:540m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7479B49-F484-4DF2-86CB-E52EE89FA238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:540um:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6D68512-746D-4E95-857B-13A0B6313C5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:560m:*:*:*:*:*:*:*",
              "matchCriteriaId": "4312BA84-F9A0-4BD4-8438-058E1E7D6C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:560um:*:*:*:*:*:*:*",
              "matchCriteriaId": "60E52DF5-C713-4BC4-B587-FF6BDA8509CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:580m:*:*:*:*:*:*:*",
              "matchCriteriaId": "304ADCAC-9E49-42BD-BC92-58D9B2AD52E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:650:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB02172-B9A7-4801-88F2-98BF5843184A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:655k:*:*:*:*:*:*:*",
              "matchCriteriaId": "5141380E-BD18-47C1-A84C-384BA821773D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:660:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AE6C49E-2359-4E44-9979-7D34F8460E35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:661:*:*:*:*:*:*:*",
              "matchCriteriaId": "C004B75F-37AF-4E61-98F3-1B09A7062DDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:670:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7126D19-C6D9-43CB-8809-647B1A20E7DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:680:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CC98503-A80A-4114-8BF2-E016659BE84E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:750:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E6F4A7-24BE-4AA0-9CDD-84FBC56FE9BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:750s:*:*:*:*:*:*:*",
              "matchCriteriaId": "3821412D-B010-49C4-A7B4-6C5FB6C603B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:760:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34CA5CC-9EB1-4063-8B9D-3F566C1EFF76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2300:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CEB5D2D-FF54-4BDB-9E9C-8C1B2719FC9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2310:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AD5B51A-AEA0-4DA2-BA60-94A2D5605352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2320:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96C6CA0-434D-428F-B629-A971C2937628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2380p:*:*:*:*:*:*:*",
              "matchCriteriaId": "301AB72A-A6F2-42C8-A931-94EF2271443F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2390t:*:*:*:*:*:*:*",
              "matchCriteriaId": "59414B5A-05B8-49AF-A197-2A31729DDB65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2400:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFDD380-692F-41D7-996F-F97FC74DC7CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2400s:*:*:*:*:*:*:*",
              "matchCriteriaId": "49602828-2BFC-4571-9F05-6210FD263DF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2405s:*:*:*:*:*:*:*",
              "matchCriteriaId": "87E03978-E16D-4A9B-8AE7-9F4F1171C14A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2410m:*:*:*:*:*:*:*",
              "matchCriteriaId": "03096A9A-5758-47E6-81E2-BCFE847C41F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2430m:*:*:*:*:*:*:*",
              "matchCriteriaId": "150CC865-7975-45EC-BFF7-A94146442BA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2435m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8FA1308-589B-432B-80F9-9A499D083ED5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2450m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED2453E-30E1-4620-BEC5-21B0083449E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2450p:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FE8DD05-D700-4F89-9B01-D489029DF7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2467m:*:*:*:*:*:*:*",
              "matchCriteriaId": "050957CA-6191-4F9F-9D07-48B342B3B1B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2500:*:*:*:*:*:*:*",
              "matchCriteriaId": "DACBF998-8B11-45C7-9017-486AED4FAE6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2500k:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9F2F3C4-FC94-414A-A208-913A43D57D75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2500s:*:*:*:*:*:*:*",
              "matchCriteriaId": "641152EC-F4B4-4E5E-B396-AC4CAAB805BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2500t:*:*:*:*:*:*:*",
              "matchCriteriaId": "4911E332-B8BA-4336-A448-3F70D2BBB147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2510e:*:*:*:*:*:*:*",
              "matchCriteriaId": "330EC403-3174-4543-9BBE-CEC0ABC1575D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2515e:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EF585D0-507E-491E-9C3B-78EE26F2F070",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2520m:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD00F7C6-6762-4DC9-9F6C-5EAC4ACB1C54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2537m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5D885A-85C4-4A11-B061-61EFF6B6E329",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2540m:*:*:*:*:*:*:*",
              "matchCriteriaId": "0502B59F-933C-4E25-A2EC-9296B197E139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2550k:*:*:*:*:*:*:*",
              "matchCriteriaId": "99D9C0A9-2DFF-4760-8FED-AC2DA7968E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:2557m:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5A1BAEC-18BF-4607-BFB7-48102E75186A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3210m:*:*:*:*:*:*:*",
              "matchCriteriaId": "D49ED138-F42D-4451-A350-0B2DD5AB9444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3230m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5ED91472-90FC-4AC8-96D5-1550A8502411",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3317u:*:*:*:*:*:*:*",
              "matchCriteriaId": "57CEEFA6-CEED-4CA3-8DDC-B6601D69FB7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3320m:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FD25ECD-0605-4CD7-9DC5-294ACD7EF1B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3330:*:*:*:*:*:*:*",
              "matchCriteriaId": "2784E2AF-A5E5-4960-830C-B3EFB84043D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3330s:*:*:*:*:*:*:*",
              "matchCriteriaId": "9112FA50-5527-4B20-80F5-2DE9E66D09F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3337u:*:*:*:*:*:*:*",
              "matchCriteriaId": "73CE4E2E-B2BF-409E-B18C-D67DA810FE9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3339y:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2B84D67-0B1D-4B74-BC85-AF8F933D8429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3340:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA05A18-1523-4EED-9D2E-0A258A33F24F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3340m:*:*:*:*:*:*:*",
              "matchCriteriaId": "C34E70EB-92F0-43F6-8883-FE422BE1A3FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3340s:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D301F1-20C2-4756-9A90-37F14835CE14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3350p:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2EEC8B5-1CAB-4FBE-BBA2-D2FFA3EF9489",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3360m:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA63B803-4D48-42E8-A793-F92ABCB8BFC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3380m:*:*:*:*:*:*:*",
              "matchCriteriaId": "129DB9CB-E878-4856-A954-15FFE1428636",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3427u:*:*:*:*:*:*:*",
              "matchCriteriaId": "730DB4AA-FD7D-40C6-8D7F-19937832EF9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3437u:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E86978-4820-422A-8C7C-FF0697DAED05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3439y:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A7A9DB5-F544-4FD8-A9CC-0BD6257516AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF813AD9-D296-4915-861C-8DE929E45FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3450s:*:*:*:*:*:*:*",
              "matchCriteriaId": "04A65469-083F-40B5-86C5-A2EAE5B2F00A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3470:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F1AA82E-BD86-40F5-B417-71DF6AF53A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3470s:*:*:*:*:*:*:*",
              "matchCriteriaId": "B71A6DB0-5EB0-4712-8480-CF427F521D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3470t:*:*:*:*:*:*:*",
              "matchCriteriaId": "8223D5A1-ADF1-43C6-AF91-EE5C413BCB37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3475s:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DD69605-F52B-4623-921A-983A5A408ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3550:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1D5685F-6FFE-4A6A-9FF8-940C8DA36499",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3550s:*:*:*:*:*:*:*",
              "matchCriteriaId": "B94062D9-8DDA-4B4A-B3B5-07F71F5B97E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3570:*:*:*:*:*:*:*",
              "matchCriteriaId": "3832D0A6-419D-4876-B5C4-920578F713F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3570k:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1AA5C8A-83A8-4F96-9D7C-7A50ADDB2341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3570s:*:*:*:*:*:*:*",
              "matchCriteriaId": "404E38E6-9EB3-41D0-97A7-DC579688BFB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3570t:*:*:*:*:*:*:*",
              "matchCriteriaId": "40E4A921-AB28-47B7-B5A3-EB82193D15BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:3610me:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0357E48-2300-47B4-B9E5-9FE813A2FC09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4200h:*:*:*:*:*:*:*",
              "matchCriteriaId": "96CC28B6-57D1-4919-AA55-A262CC16AFE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4200m:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EB4C54D-1265-425A-B507-E1099844875A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4200u:*:*:*:*:*:*:*",
              "matchCriteriaId": "97362147-3A71-430D-9064-4435D45C3B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4200y:*:*:*:*:*:*:*",
              "matchCriteriaId": "89212CF3-4E99-4389-94CE-F4211DDCA01B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4202y:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBEA4DA3-0AFB-4FCE-92DB-5B316775BB17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4210h:*:*:*:*:*:*:*",
              "matchCriteriaId": "611C0A0A-1FA3-42F9-82E8-BFCB71A077DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4210m:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F027D9-DCB4-4A3D-8987-41F2941DBD45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4210u:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23BCEC9-2BFB-4B41-9A7A-18B1347C6202",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4210y:*:*:*:*:*:*:*",
              "matchCriteriaId": "4924CE39-A846-4DB4-9547-6322FC5AD6B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4220y:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C9E2C9A-94A1-456B-90D5-54932DF64C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4250u:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC04C652-B2D8-4002-A50E-8AFE83204A25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4258u:*:*:*:*:*:*:*",
              "matchCriteriaId": "10D413F0-CDBC-4A63-B9A7-9E7725BA1E83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4260u:*:*:*:*:*:*:*",
              "matchCriteriaId": "754A8826-59F7-4A71-B74B-737BE9C7DE4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4278u:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADB6BDA-6825-489B-AB39-7729BA45DFD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4288u:*:*:*:*:*:*:*",
              "matchCriteriaId": "7913F57E-E600-4767-AF51-D045E1898E72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4300m:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3783F4-5A05-45AA-9791-A681011FD78C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4300u:*:*:*:*:*:*:*",
              "matchCriteriaId": "01E3114D-31D2-4DBF-A664-F4049D8B6266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4300y:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EE6578-981D-470C-BB24-4960B3CB1478",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4302y:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3320D50-C5C9-4D75-BF1A-5BB7BCBFE2BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4308u:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EE59839-8EB9-47FE-88E2-F0D54BE787A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4310m:*:*:*:*:*:*:*",
              "matchCriteriaId": "75694A3D-080A-4AA7-97DF-5A5833C9D9F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4310u:*:*:*:*:*:*:*",
              "matchCriteriaId": "19C5E27D-BBAB-4395-8FC6-8E3D4FB9A1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4330m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E996176-3DEA-46E6-93B7-9C0DF32B59D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4340m:*:*:*:*:*:*:*",
              "matchCriteriaId": "4417007D-126A-478B-87EA-039D088A4515",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4350u:*:*:*:*:*:*:*",
              "matchCriteriaId": "F78C2825-F6A3-4188-9D25-59EAEC8A7B0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4360u:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF2FA85D-B117-410D-B247-8C5A3479319A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4400e:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A041D27-132C-4B15-976F-1750C039A89F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4402e:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D495E06-BF2B-4C5A-881D-94C93CD2BA2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4402ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C31DFB8-8D8C-47D6-AAFF-BAE829A3D965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4410e:*:*:*:*:*:*:*",
              "matchCriteriaId": "088BC395-06D5-4156-85EB-63C4A9552898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4422e:*:*:*:*:*:*:*",
              "matchCriteriaId": "33A220A2-A6D2-46A7-B168-607400EEDCE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4430:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E79232F-7196-440B-82D4-165885251232",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4430s:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED866954-77AB-4CA8-8AED-4252C595FC4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4440:*:*:*:*:*:*:*",
              "matchCriteriaId": "28A1F516-B180-45D4-8EB1-754B7497CB2B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4440s:*:*:*:*:*:*:*",
              "matchCriteriaId": "36758A04-64D3-4150-A004-CF042FA31CD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4460:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E01752E-F1DD-400A-A917-216CAF15B0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4460s:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD47EC58-F776-4F59-8F15-4B208904CF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4460t:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D3781F4-2123-4FA1-8AF5-D0D1E6C1A5B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570:*:*:*:*:*:*:*",
              "matchCriteriaId": "94565E35-8A58-4CB6-A489-C796DCB97FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570r:*:*:*:*:*:*:*",
              "matchCriteriaId": "49964D35-5323-4412-BD54-661630F9A8CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570s:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0A37E7D-1BF6-4A2A-BF52-5F0EC4B4F341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570t:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0F66468-87D0-41FC-934B-5924BE2956CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4570te:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E0F93E1-4607-4DF4-AC6E-4B7254D4A8DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4590:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C0D99E-443E-4AB1-A07A-900A09FE177E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4590s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D0FD76-C1FB-43D0-8511-FC0BA6DA7960",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4590t:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9DAEE52-09C3-4A09-9958-9D6807B2700B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670:*:*:*:*:*:*:*",
              "matchCriteriaId": "B97690D4-E814-4D40-B170-BE56D7AE2C1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670k:*:*:*:*:*:*:*",
              "matchCriteriaId": "89804F2C-D32D-4444-ABEA-5B241153D096",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670r:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AAAAF9C-B29B-4020-BAFF-C87B1A08294A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670s:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECE60E1E-AB8D-46E4-A779-A54F2D20B5D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4670t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB958A28-7C9A-4BD0-B002-4E1A65CDB0A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4690:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C27B318-2AC1-423D-B0C8-583BB1800D5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4690k:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E58E3D0-1154-4B13-BA16-67CE67DF0637",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4690s:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D2ACB3-B906-4944-A021-03C4645965BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:4690t:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FFF834A-D7F0-4E48-AD3D-DD0BCE6DEC0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5200u:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E1A41BA-A1D6-484A-BAD2-68DF85598354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5250u:*:*:*:*:*:*:*",
              "matchCriteriaId": "11260C9D-69A9-4D81-9CCF-2E116DD75F7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5257u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C020F06-FD27-46E3-A48F-3F60F33BB969",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5287u:*:*:*:*:*:*:*",
              "matchCriteriaId": "03C74F10-6A7F-4F68-8A34-E981E1760DE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5300u:*:*:*:*:*:*:*",
              "matchCriteriaId": "24741B98-8D0E-4307-AAEF-A14B2531DCA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5350h:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4FA4BA-4304-4A70-9F86-120F2A3D8148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5350u:*:*:*:*:*:*:*",
              "matchCriteriaId": "367FC8BA-F046-4264-A049-49E933E7698F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5575r:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE9B68D3-1DFB-4468-85C4-AC13E6CBC111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5675c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C966A016-B650-44D9-B8C4-1ED50AB318DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:5675r:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC448FF0-6D3F-4609-864B-4191905EE2B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6200u:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FC246FE-4CA6-4B2D-83C3-D50A386C24A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6260u:*:*:*:*:*:*:*",
              "matchCriteriaId": "758A14DB-1BAF-442A-BA7C-5E9C67847BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6267u:*:*:*:*:*:*:*",
              "matchCriteriaId": "61309100-CFA7-4607-A236-8910838AA057",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6287u:*:*:*:*:*:*:*",
              "matchCriteriaId": "82D76265-7BD0-4C51-AE77-22B22524DE81",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6300hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE38B195-BB8D-4747-881D-E8033760B4C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6300u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AA8BE76-168D-48A3-8DF6-E91F44600408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6350hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B656975-5D71-4712-9820-BDB7BC248AFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6360u:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA045267-114D-4587-B6D7-E273C28DC9B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6400:*:*:*:*:*:*:*",
              "matchCriteriaId": "77018415-E122-406E-896D-1BC6CF790BE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6400t:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ADF37F1-546B-4EF0-8DEC-DC3B9F5309FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6402p:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7469256-1A64-46FF-8F5A-A8E9E3CF5BE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6440eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F9069B9-9FE3-4AD5-9A8E-55C0F73BD756",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6440hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E1C012-3E05-44DB-B6D2-BFD619C034B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6442eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "15D689D6-8594-42F2-8EEF-DCAEBA885A67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6500:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6446000-0494-4DC5-ABAA-F20A44546068",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6500t:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B94EEC-6690-45D0-B086-F4A5B25C25CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6500te:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B767B6E-B3E6-4424-97A6-89A7E7EB0EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6585r:*:*:*:*:*:*:*",
              "matchCriteriaId": "832AB3CD-E3A1-4CCB-A210-287973563D0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6600:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A26C0CC-68AD-40F5-96B8-87E6C643F6F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6600k:*:*:*:*:*:*:*",
              "matchCriteriaId": "99C4221A-9994-43B3-9C7A-E13815A50A10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6600t:*:*:*:*:*:*:*",
              "matchCriteriaId": "20070B1D-B91C-40BA-A9D8-E80170A2933F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:6685r:*:*:*:*:*:*:*",
              "matchCriteriaId": "A70129C9-371F-4542-A388-C095869E593A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:8250u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C4DE25F-168A-4C67-8B66-09F61F072BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:8350u:*:*:*:*:*:*:*",
              "matchCriteriaId": "58157F24-D89E-4552-8CE6-2F01E98BD1E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:8400:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7FFD78-1E1C-4246-BBD3-73FAC06AA46B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i5:8600k:*:*:*:*:*:*:*",
              "matchCriteriaId": "45ACBBEA-EC95-4F3E-B585-893DB6D21A0F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7y75:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEC55DF-1950-45E5-A5F2-B5604AFA1CBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:610e:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6A5EC79-1B21-4BB3-8791-73507BC8D4DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620le:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB4AFC3-FE30-4F46-ADC1-D03EB14E757D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620lm:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0387587-AAB6-4284-8516-4DA3E3582D30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A238C975-9196-449F-9C15-ABB2E9FD1D06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F17F4A5-120B-4E00-97C8-8A85841ACBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:620um:*:*:*:*:*:*:*",
              "matchCriteriaId": "2537F047-64C9-4E73-B82C-310253184183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:640lm:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A55857C-649D-46CE-AEDA-6E553E554FC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:640m:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA4892D-AFDF-4441-821E-5EBF7F64C9F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:640um:*:*:*:*:*:*:*",
              "matchCriteriaId": "327E06A3-7F0E-4498-8811-10C8D15398FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:660lm:*:*:*:*:*:*:*",
              "matchCriteriaId": "1624E6D6-858E-4085-B0B9-362B819EFD88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:660ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "50D61F4A-40F0-477C-8326-7359D3626E77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:660um:*:*:*:*:*:*:*",
              "matchCriteriaId": "1455B4DE-7F1C-4CF2-AE02-2EDD20025D62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:680um:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B215788-860B-46CD-9A08-43AFF98FAEAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:720qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B92FAD5-CA6E-48F7-9613-3A4CE90F5F54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:740qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4EB132B-000C-4A17-AFB3-19F40A73D2CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:820qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C4815AE-B635-4545-83C2-5EC4E0128337",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:840qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0046C06-E3E6-4674-A4D1-332DD29D9552",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:860:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C191851-3DC3-41C7-AD89-81F091CCC83A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:860s:*:*:*:*:*:*:*",
              "matchCriteriaId": "21126922-8E81-47F4-82D4-CBCDDACEC4FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:870:*:*:*:*:*:*:*",
              "matchCriteriaId": "209E18B0-BBB5-4C65-B336-44340F7740DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:870s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C867C0B8-91A4-482A-B7DD-54AB9599AE52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:875k:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F03843-8A51-4CE1-BE6C-994BDE3A8F97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:880:*:*:*:*:*:*:*",
              "matchCriteriaId": "09854948-2657-4261-A32A-0523058F072E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:920:*:*:*:*:*:*:*",
              "matchCriteriaId": "D13904A5-266D-481C-A42A-734C3823A238",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:920xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACC82FCB-0541-45C4-8B7E-CB612D7F702A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:930:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C18BD84-5E9C-4C9E-B0AA-2CEB0D7A58C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:940:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F5ABC7E-C4E0-4850-A1E6-07EBCF4A87D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:940xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "501E9355-0CDD-4951-BCC3-47962788BCCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:950:*:*:*:*:*:*:*",
              "matchCriteriaId": "B3D976D9-62F0-43C3-8359-E51E26B6CD87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:960:*:*:*:*:*:*:*",
              "matchCriteriaId": "02AFBCD0-9B4B-4CA3-8FA9-D8B6ECB24894",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:965:*:*:*:*:*:*:*",
              "matchCriteriaId": "64ADE9AF-196F-4E0B-BC66-7DE0183F9032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:970:*:*:*:*:*:*:*",
              "matchCriteriaId": "C90CCA48-1705-4564-AAF9-271201BD5113",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:975:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B82BAFF-17F5-465C-8032-67D5ECAB2921",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:980:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F694FEC-B97D-4BDA-ADFA-751E8BFB7CD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:980x:*:*:*:*:*:*:*",
              "matchCriteriaId": "F831371E-7437-48D7-8281-1F406215041B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:990x:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC4F06B5-615A-464A-A0C4-7AABEE8530CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2600:*:*:*:*:*:*:*",
              "matchCriteriaId": "92AF503A-A2B1-4FC3-858B-264049ADF0F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2600k:*:*:*:*:*:*:*",
              "matchCriteriaId": "E702C7EC-B1D9-4BDF-B334-2004CD76B52B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2600s:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39F31D6-DC4B-46FE-BE5D-EA612D915A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2610ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "51CB8036-5F36-4CD4-9B3E-D2401F2E64F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2617m:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9849BA3-3990-4E30-B99B-ADD043314CDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2620m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A20FB18A-D3DA-4DE9-BEFF-75B7AB9B9A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2629m:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A67CD6F-5E4F-4E69-A2A9-A4033DCE08EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2630qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A22E92-1EA7-45D9-AC86-EC3D9664C294",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2635qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7FA2911-6561-47BF-BEE8-DDA31642C346",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2637m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FA6CA23-6F2B-44D5-B2DA-4F142BA3E48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2640m:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F829DED-4D92-401A-BD80-C070DE57FC7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2649m:*:*:*:*:*:*:*",
              "matchCriteriaId": "F560575C-FD8E-485D-B50A-572604BBE903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2655le:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED8C51B-AE59-46DC-85F9-6D3B2891CB3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2657m:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A38D00A-B9DC-44DF-8247-70355FF9A6EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2670qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "381EFC43-D5D9-4D10-90BE-4C333A9BA074",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2675qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBEDED18-2755-4C55-A1A1-04B4D5F40276",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2677m:*:*:*:*:*:*:*",
              "matchCriteriaId": "F04B57EC-0731-40C8-939F-1C686A65A0FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2700k:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB301FB-EB3E-4F5F-868D-5B66CC7E1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2710qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE1D28F9-B135-441B-A9BF-792DD356E374",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2715qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D01CE3E-5C89-4FC0-9097-CAC483ACD441",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2720qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BDD55C4-AFCD-4DF2-921C-DDC1D7556DA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2760qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F52334F-BE6A-4FD4-9F63-AE9BB017115B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2820qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C9BCC3-B9A6-4195-BF2F-E7BBCE8DC269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2860qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A4DFFA7-AA0E-4D7E-97B8-13389FD47D4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2920xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "707F6671-57AC-4DF4-8024-444502E5C92E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:2960xm:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C1FCE07-F9E8-4B14-95CE-01784D472128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3517u:*:*:*:*:*:*:*",
              "matchCriteriaId": "C208711F-FC06-46C8-8849-27054DC1B264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3517ue:*:*:*:*:*:*:*",
              "matchCriteriaId": "25AB8041-F201-4BB3-AAD9-199B06697DF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3520m:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75C474C-D5EF-42D6-9B2A-A504BEFCB982",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3537u:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F566CD3-3649-492B-B0AB-A107E51675B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3540m:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB9F3D74-AE72-4FC5-83E9-890781AF3093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3555le:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8EA6A7-4AB8-487E-B5DD-9989CC5F1CD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3610qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF63DDC8-A0C1-482B-92F2-CF6135E8C2A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3610qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "C69918C6-7AAD-4AA5-AB72-C275367B1008",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3612qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "06155B0B-A5AD-4A82-8C02-D264981687A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3612qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "F76C19A4-FA26-432A-9443-9F92B2A946EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3615qe:*:*:*:*:*:*:*",
              "matchCriteriaId": "99BEE9BE-E49A-489B-B333-95D0993F8FA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3615qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "7427A678-EC47-4030-B905-619DD95F5A82",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3630qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "86749716-1C9F-4C2A-B2A7-E62DEC10EA30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3632qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD000B53-06DA-4ED4-B0EE-9CB201B75C8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3635qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8424463-C329-4BAA-8AA1-25CD8B63292E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3667u:*:*:*:*:*:*:*",
              "matchCriteriaId": "52727E62-0048-4C56-BC8C-B3450D257B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3687u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8223AA-F077-45FD-A7E3-3C2C1A8F6E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3689y:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAA34B50-2330-4D77-BF1A-6F05F3EF222C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3720qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6421F69-1076-43D2-B273-DE80FB2D5F72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3740qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1EDA9E2-CFE7-4917-BE48-A83208BDF0F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3770:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A34E7FC-93A4-45F2-A7B6-4A8ABFCAB0F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3770k:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E611EDD-D44C-4311-B681-431D7C574528",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3770s:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5E1B6AA-2F9A-43A8-9147-2BD9474E54C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3770t:*:*:*:*:*:*:*",
              "matchCriteriaId": "1886D007-85B6-4E5A-968D-A1FD476A08A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3820qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDDDCB65-4404-49BC-9515-ECECD58A667F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:3840qm:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8D3E00-64C3-407A-9B00-8B6E383F73FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4500u:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB1B00A1-9C15-47C2-9F57-66586DEACC7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4510u:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB5BF932-459F-4DD2-B160-5FE0371C7D83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4550u:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58ACE96-F1BE-4261-8F94-FC3C6E7C7561",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4558u:*:*:*:*:*:*:*",
              "matchCriteriaId": "783D6EA7-C016-4314-A87B-4FED1DC7114B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4578u:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AD0176F-FFAE-4A85-9327-CE72FE059E90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4600m:*:*:*:*:*:*:*",
              "matchCriteriaId": "A56970C7-F8D3-41B2-A78B-0C7F4A2A4E0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4600u:*:*:*:*:*:*:*",
              "matchCriteriaId": "26D4CE1F-86C8-4E48-9146-9DB57BF540FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4610m:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB7F9D65-5537-4C25-B02B-2393F60D1299",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4610y:*:*:*:*:*:*:*",
              "matchCriteriaId": "F09C8A92-820D-4572-A797-180E17A7DEB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4650u:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA7D77A2-0D9A-4D0D-B0DC-152757917BE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4700ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "A07D3F1A-16CE-461F-A2F4-80FE5F841CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4700eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C04557A-C508-4FAD-A535-1C0AEFF08075",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4700hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AFAE489-6679-4705-BF9C-BB6D385A1DC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4700mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "429A99C8-BC55-4887-893C-7124C1A5DB08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4702ec:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A2B709-CC19-4116-A5BE-5DB5C8B45A12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4702hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "D79DAC74-1F28-4EC8-B417-3FAFFB74C4BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4702mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F1F1377-6220-43FB-BEF9-BAA7B0158147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4710hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "18422CA8-3000-46B1-9065-2369E6B0BE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4710mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D558C66-E80E-4FC7-A0DF-485466390C46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4712hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23EA9AE-9E70-47B5-AD9B-0DF13A0939E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4712mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "860F22F6-4C87-47C5-965E-02A1AFF41A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4720hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A2CA86-BFA8-4C78-987D-AD26F32622F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4722hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEF64E0A-CDB0-427E-A96F-095EFEBA0A3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4750hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "425F6D34-EE60-464B-8EA6-8116EDAA1219",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4760hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEB9F657-1239-4424-A2E8-F8BD98C0095E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4765t:*:*:*:*:*:*:*",
              "matchCriteriaId": "F631403C-0A67-42CB-815C-133EB87E0C95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A4A5A57-B1A2-4BBA-AC36-7EA7DF9CDE06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "0453C0EA-BA67-49D5-964F-35493F97D905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770k:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D4D237E-ACB7-4382-AF5B-D27E634BF867",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770r:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5461EB2-2958-4923-86AF-C74D449120B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770s:*:*:*:*:*:*:*",
              "matchCriteriaId": "45C22141-E698-4E38-AF50-9CE04C1168FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770t:*:*:*:*:*:*:*",
              "matchCriteriaId": "49D0E470-427D-4A68-AFD2-982A4F7CE2D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4770te:*:*:*:*:*:*:*",
              "matchCriteriaId": "43AB50F3-14AC-44BD-B7F0-A683C5FD1A3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4771:*:*:*:*:*:*:*",
              "matchCriteriaId": "713C4B7A-C38A-4818-A258-D07DEDEC906E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4785t:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59740BE-FC30-4400-B978-1DB41282971C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4790:*:*:*:*:*:*:*",
              "matchCriteriaId": "839728F0-5F23-462F-B493-C37EE4C874F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4790k:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F1B47DA-BA53-4D7A-9B5B-582238D5E99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4790s:*:*:*:*:*:*:*",
              "matchCriteriaId": "D452F1BF-1FA5-463C-8F13-6357509FB5D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4790t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6D1F4C-B396-468C-BA32-9367A68C95DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4800mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76A812F-D77A-49C8-B7A5-0C08258D4BBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4810mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E001AAB-07EC-47BF-BDE9-BB927872781D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4850hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1DF11F5-61E8-4A98-86C8-49D6B3224FCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4860hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "AED153E7-99A2-4C02-B81B-C3DDF8FAE1A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4870hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "D024802A-EA60-4D9B-B04C-027A0703EABD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4900mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA731F3C-1F04-4EE2-83EC-9486F5032903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4910mq:*:*:*:*:*:*:*",
              "matchCriteriaId": "544A59F6-E731-43C8-8455-69256933E71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4950hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "624258EE-7FFF-4432-9B6D-4D60AA73CD9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4960hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "69A2701A-35A8-4268-B9CF-40BA3219373B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:4980hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "15E671F6-8DED-4735-BE97-58A60E5B5C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5500u:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FC68B2A-8570-4311-BB60-49DBBDAF7430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5550u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9826FA02-937E-4323-B9D5-8AE059ADBE95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5557u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8630BB-48AA-4688-A6F0-212C1BB4D14C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5600u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AC98D35-D7D5-4C24-B47E-EDE2A80B2B9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5650u:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2F8ABCB-12C3-4C45-844E-B07F77DA2DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5700eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "326105AC-3926-437E-8AFF-916960107050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5700hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "866E1275-7541-4B80-8FDF-53246A204C15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5750hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "E190929D-D3CC-46E1-A903-0848829061DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5775c:*:*:*:*:*:*:*",
              "matchCriteriaId": "81E4EBCB-B660-4F6A-AD73-81B9D8964162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5775r:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D58CC5-CB46-464D-93B8-6AD5A19AF097",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5850eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "16541D3E-EBBD-4D92-96D8-F169733377AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5850hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F08D257-F570-4D39-A6E8-0F60E55472E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:5950hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "C20ED667-2BFB-41C7-82BA-9F0C0044DA08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7500u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6158ED8A-007E-48B7-99BF-8BA03BF584BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7560u:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBA7096A-F321-49A0-911A-F9683ABE6E6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7567u:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A471395-7F8F-4BA5-962D-4D8F271FAB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7600u:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9484380-92B9-44DB-8E20-DC8DE02D1CA6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7660u:*:*:*:*:*:*:*",
              "matchCriteriaId": "8010808D-805D-4CA3-9EA2-55EB1E57964C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7700:*:*:*:*:*:*:*",
              "matchCriteriaId": "9716FE9F-A056-42A3-A241-F2FE37A6386A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7700hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73422A3-ECA0-4C41-9AA5-CF7D77885CF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7700k:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A96A5AF-C9EF-4DED-AE25-4540A2B02915",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7700t:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5115B12-053A-4866-A833-D6EC88D8F93E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7820eq:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5619D4D-9685-4595-8A5F-A18273FE4213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7820hk:*:*:*:*:*:*:*",
              "matchCriteriaId": "B77E00E7-0EA4-4E32-A693-0E0F66BA4C57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7820hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAA3457E-7E1A-4878-9752-79382E954A66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:7920hq:*:*:*:*:*:*:*",
              "matchCriteriaId": "68630C63-4457-4E12-B7BD-AD456B237FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:8550u:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6FB5695-2950-4CEC-81B4-FD280F835330",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:8650u:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F340AF8-508F-449D-9AFA-4E55F069B4F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:8700:*:*:*:*:*:*:*",
              "matchCriteriaId": "E944410E-D674-4141-B50C-9F55090325FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_i7:8700k:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6438E07-0AC0-4BF9-B0F2-9072CA9639D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y10:*:*:*:*:*:*:*",
              "matchCriteriaId": "5079AA70-C864-4AE2-809C-52B50632F2B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y10a:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D124BCB-D8C3-49F5-B05C-E09B3CEBEBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y10c:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A86291B-C986-4320-BCEF-9F5AD8B309D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y31:*:*:*:*:*:*:*",
              "matchCriteriaId": "1227659F-1393-4189-978B-CC3DC53BF407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y51:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C2DB843-638F-41EF-B486-409318AA2DE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y70:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0004D8A-A186-4DA2-A7AB-18A6456438FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m:5y71:*:*:*:*:*:*:*",
              "matchCriteriaId": "75B6BE9F-F113-4976-951D-53F2E183A95A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m3:6y30:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB005F1-9719-4985-B9D9-2140C962ADD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m3:7y30:*:*:*:*:*:*:*",
              "matchCriteriaId": "A94D0C1B-F30F-4724-915E-192C53FAE58A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m3:7y32:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F247860-1D2C-415C-AFBD-26BD875AAF02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m5:6y54:*:*:*:*:*:*:*",
              "matchCriteriaId": "9697EDCD-A742-4AC6-876E-1080AD684207",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m5:6y57:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E73924A-875B-44D0-8F7C-A822B0488126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:core_m7:6y75:*:*:*:*:*:*:*",
              "matchCriteriaId": "03751B92-EE07-4F16-A476-BD25561810BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j2850:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3A630E1-6CAE-4809-AB18-5002F158AE90",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j2900:*:*:*:*:*:*:*",
              "matchCriteriaId": "A67750FF-EF4B-414F-8ED4-299CAF33B0DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j3710:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A82D885-82F5-4755-BC11-5899E28CEE42",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_j:j4205:*:*:*:*:*:*:*",
              "matchCriteriaId": "88AF1366-8A14-4741-8146-886C31D8D347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3510:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FD75301-E29C-47DC-B53F-DC44EA0C1885",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3520:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C944024-BEAA-43AF-A339-FD69C75E8240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3530:*:*:*:*:*:*:*",
              "matchCriteriaId": "435C69D1-3932-4379-8D18-B1E12D558325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3540:*:*:*:*:*:*:*",
              "matchCriteriaId": "3572B700-73C0-41D1-95FD-FE9D5B0C1F80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3700:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A40DC9-0D4E-4C91-8D1B-3CED95B3952E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n3710:*:*:*:*:*:*:*",
              "matchCriteriaId": "16FB3E4B-05F8-411A-8C86-4ACE03815553",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:pentium_n:n4200:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E55EBC1-6F96-47CD-9503-7855EFB07240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5502:*:*:*:*:*:*:*",
              "matchCriteriaId": "4208DBA1-7F85-4876-9B6C-D1B43EAAB2AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5503:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5ADC8E5-1CE7-4481-A9B5-61BFC6B4FF50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5504:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1789924-FADB-4076-8874-120B29EE6B86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5506:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC246667-2F6F-4024-9EAA-2CE3018235C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5507:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21BA7F8-D4B5-4E6B-8FCE-04BBD3501AA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5520:*:*:*:*:*:*:*",
              "matchCriteriaId": "1341A5D4-A5CE-4D31-A178-01C3069D7A55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5530:*:*:*:*:*:*:*",
              "matchCriteriaId": "86A5C199-92E5-435C-AC40-175849285104",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5540:*:*:*:*:*:*:*",
              "matchCriteriaId": "67589F54-0A54-4DE7-9A47-A73DD05F7965",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5603:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDC34C8E-1BB9-43CC-9D89-9E6DC435B7EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5606:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BE5163E-9BCF-4BF8-BCB9-B48C4E7E1564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5607:*:*:*:*:*:*:*",
              "matchCriteriaId": "92C5DC8C-3318-440B-8B29-4827F343927B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5620:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ECC47D8-F602-4CEA-B19A-209CE76C9D36",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5630:*:*:*:*:*:*:*",
              "matchCriteriaId": "7514ADD3-DECC-4CC2-9421-A609E526FDC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5640:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ED2EC97-8B2D-47A9-8EC7-D1E0ACBB6C52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5645:*:*:*:*:*:*:*",
              "matchCriteriaId": "691097C3-F91B-499B-BAEB-4E7E9C43B517",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e5649:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B3DB1ED-017B-43EF-92A3-A8A88669FBC2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e6510:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A49AAF-0F08-4151-8F74-4EF9C3415B00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e6540:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7A2018-BB4D-4DC1-813D-A4AA3F270893",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e7520:*:*:*:*:*:*:*",
              "matchCriteriaId": "A95D91C4-C539-4458-A6C9-8AE17207AE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e7530:*:*:*:*:*:*:*",
              "matchCriteriaId": "37F9D218-8198-42C7-88FE-7C5382138324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:e7540:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF8FDD81-95EE-4241-93C8-925085A4CE7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:ec5509:*:*:*:*:*:*:*",
              "matchCriteriaId": "614D9E35-10E0-4CCB-B817-C7C8C3947BE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:ec5539:*:*:*:*:*:*:*",
              "matchCriteriaId": "F75F987E-F4DB-46FF-B048-21B4A4C07B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:ec5549:*:*:*:*:*:*:*",
              "matchCriteriaId": "05376F2C-30B6-406D-90F7-6C2E00E85171",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l3406:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCDD3DF6-24BF-4C13-8F07-AF07327E5622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l3426:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1520A64-2157-45D7-A135-F900798C4EB5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5506:*:*:*:*:*:*:*",
              "matchCriteriaId": "05A30F85-5367-4369-B7A5-176D71279FC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5508:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8803FF9-48D7-4AB0-8A17-4590CABD0BFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5518:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DC63B6B-5D6D-477B-9125-007F835981B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5520:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF385AC9-963E-4670-95A6-BE1EBC3890B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5530:*:*:*:*:*:*:*",
              "matchCriteriaId": "943FA088-2902-45A9-A1BA-D612B46A50D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5609:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C80902D-9A6C-47D4-B56F-35C378FC0E63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5618:*:*:*:*:*:*:*",
              "matchCriteriaId": "1100B46C-8485-4048-BFF8-2BAB311EC04A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5630:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9E1646-E154-41BA-B9FA-0839A898023D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5638:*:*:*:*:*:*:*",
              "matchCriteriaId": "03F4C8E6-0043-41A8-94EA-EEBAA1A081E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l5640:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C10985-CBF7-4717-A7D6-2594887D7CB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l7545:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C49886C-B6A0-4D95-8533-329FE5A66F6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:l7555:*:*:*:*:*:*:*",
              "matchCriteriaId": "0788CF23-3FAF-44C9-9AAA-96E4818A1AEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:lc5518:*:*:*:*:*:*:*",
              "matchCriteriaId": "24AF7001-64D1-4BFB-9280-0BA0FAD97A0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:lc5528:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C6E420E-16DA-4FB1-9968-C93E229614FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w3670:*:*:*:*:*:*:*",
              "matchCriteriaId": "07469E04-B3D2-41FE-A2E4-E25A977026CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w3680:*:*:*:*:*:*:*",
              "matchCriteriaId": "60FF402E-5E4F-414A-A3AB-149548303616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w3690:*:*:*:*:*:*:*",
              "matchCriteriaId": "79E2B875-A270-45C0-A1B1-041264E5B290",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w5580:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C828C8C-7ECB-4167-87A9-0F522C400C66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:w5590:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C2C887F-1EF7-468A-A6AE-440793C78DAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3430:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F2F3D7F-D884-4ACD-A103-060F57A9867B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3440:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD1FCAAD-7072-45EC-9ACB-08556458BAF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3450:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4446224-40E8-4AD0-8197-921D3473E19B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3460:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EA159D9-8C7F-4BE5-9093-A21C7D00F7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3470:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92B68FD-771A-4401-8B1D-B1A252356F62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x3480:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B933941-0BE3-4EEB-8FDD-2DAA63343EE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5550:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D060EF0-B29C-4B54-86A0-FD5CFF7B80BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5560:*:*:*:*:*:*:*",
              "matchCriteriaId": "36F737C1-6011-42D2-9690-CA81EA0A283C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5570:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CA7EB6-D1C9-48D9-A69A-2618800A6CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5647:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CA1F3E5-ED7F-4E4C-AD0D-0EEC542A9E51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5650:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED6E3C9B-A661-4B37-B76D-A3F7BD638D4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5660:*:*:*:*:*:*:*",
              "matchCriteriaId": "56C909B0-8FB2-4220-AF93-EECB8D650CC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5667:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF36BAD0-A762-4F84-BE0B-060FE666ED67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5670:*:*:*:*:*:*:*",
              "matchCriteriaId": "007337CD-94FB-4ED9-B4A3-9E0EC52D79B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5672:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCDFA137-F1FC-46BD-9872-D62671B1434D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5675:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E6DBCB3-E912-43A1-914B-5C7CCFAADE25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5677:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FCF36E2-0B42-4F23-97D6-9E79ECCA8FAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5680:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2C67312-E128-4833-A91E-D7A9F96A7AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5687:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F19F408-FABD-4A68-8CDC-C763F0321FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x5690:*:*:*:*:*:*:*",
              "matchCriteriaId": "68A06EC2-E491-4CD5-9904-61A88EBB7FD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x6550:*:*:*:*:*:*:*",
              "matchCriteriaId": "789A8CAE-8D9E-4244-880D-FBE28EC53AED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x7542:*:*:*:*:*:*:*",
              "matchCriteriaId": "F901EE11-D0C9-46F6-8316-D8F4F1D50260",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x7550:*:*:*:*:*:*:*",
              "matchCriteriaId": "E549F600-B9CE-4843-A772-2DACC528903E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon:x7560:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F28E733-87ED-4610-A8EE-BD37BED7685B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_bronze_3104:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB488DD-D97C-4E21-A055-E6CECBBBC34E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_bronze_3106:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC12C97-9966-40E2-8B23-B4453EC9EA6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e-1105c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2832E8BF-7AC7-444C-B297-66F770860571",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1505m_v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "44AA72FB-E78D-419E-AA82-B0538C6504D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1515m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "687C3BF3-D71A-49AD-8A05-EAC07CBCD949",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "90AF90D9-16C4-4F8A-9868-3E2823E3445C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1535m_v6:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C063C53-8970-45B1-85F8-FB2080BF4695",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1545m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64596ED7-794A-4D23-987B-D9AD59D48EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1558l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2E52BA6-2F2F-4CD2-A601-5B0ADDE5E23F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1565l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDA48F0-0F35-4A8F-8117-B0B28E00AB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1575m_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A561A8E8-79E2-4071-B57D-590C22EF86A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1578l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "92E46658-60AB-4758-9236-3AC0E6464383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1585_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "207B8FBA-E2FF-485A-9AD9-E604AE0FB903",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3:1585l_v5:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F99640-C753-40BE-A0A1-4C2D92E7DB09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1105c_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA1EC6D3-01CD-4CAB-817D-AE2E72FD0D03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1125c:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F98247B-1839-4676-855B-827A4B6C016B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1125c_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDBA35BD-1048-4B6E-96B2-1CFF615EB49A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6CEEEE2-D6A2-4342-8A73-934093948824",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "979FEE9F-A957-43B6-BB6D-1A851D6FA11C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A7AF59D-D05E-47F9-B493-B5CD6781FDDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF7EC93-0170-45A9-86C7-5460320B2AE9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8A7B1C2-D2CE-485A-9376-27E14F3FA05A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_12201:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5F803AC-DCC7-43FC-BEB3-AA7984E0506C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_12201_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "560993AA-299D-42B7-B77F-1BD0D2114CCB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1220l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C582B1C-1DAC-48FD-82DD-7334C10A2175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7862B0C-2C44-4110-A62A-083116129612",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "048C5996-F719-4338-B148-0DD1C13E02FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0196DA2F-CFA7-44D0-BDF5-37C7403E3B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B9FF7FB-AB5A-4549-8C15-E69458C649E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1225_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CEF6608-B650-4C77-9823-0AD57B3484F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1226_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BE6A2D7-901C-45F9-B487-D674047D522E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DCFCAC5E-6CF1-4EC1-A24C-688DD1016A96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1ADCB509-5B0E-4592-8B23-EC25A3F79D41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB51691F-089F-4016-B25E-238074B06C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBAAC728-6A0F-4675-9677-AAF7DD5D38ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB3BFEFD-3D0D-48B0-A5AE-6F3C2D791CE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1230l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC7E1AFD-9BCE-4487-A8DE-F9C60529CA7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1231_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA37503-FD3D-4220-933C-234631D6EDEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1235:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72992831-2A76-456B-A80C-944BDD8591E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1235l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A79C2131-5566-4CC2-B6ED-38E3F6964500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BFDAA6-3DFC-4908-BC33-B05BAB462F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6266056-770A-4E2D-A4FC-F1475257648E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "929AA8F3-8BDF-4614-9806-6D4231735616",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "605D7552-8184-4B11-96FD-FE501A6C97DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3144BBDE-CC96-4408-AA02-ECC3BF902A34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8BA77A-34E3-4B9E-822A-7B7A90D35790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1240l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7165B43-ED22-4714-8FA4-1E201D1BFA69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1241_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "67CFB133-FAF0-431A-9765-8A9738D6D87C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2975B0F2-DB7C-4257-985A-482ED2725883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "70221E07-3C2E-4A82-8259-AD583EB5CDDD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "427DFD78-56CD-43C4-948E-F53AF9D669F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E3E6F5F-6B82-43D9-BD6E-D22F9B991DB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1245_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75AD7649-3FEA-4971-9886-6C9312B937A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1246_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4EE972C-6BAE-4342-BA01-1D685487F9C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1258l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "27CDFE3B-C064-49A9-BD43-3F7612257A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1260l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD0EEC1-D695-41A5-8CD6-9E987A547CC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1260l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C35AA9AC-28B3-49C2-A9B5-5D26DFEDB723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DBF25B8-D474-4C6B-8E45-F57DDC7074E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DF18FD1-6670-4C3C-8000-A079C69D575E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1265l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D760EEAF-5CF5-4F25-8FA2-D4F75F4F5A91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "921EB5A5-F911-4FCE-A6F1-C66818B34678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1268l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "13878C13-1C7C-4B83-AF27-4998E8F659DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "023063E1-2DD7-487C-A8A7-939FAEE666A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77255CE6-D7B7-4B48-993C-7100A1170BC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40AC368-3A14-4EFF-A8D0-7EFB4C83045D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3472AA7B-C0CF-4D65-8A6C-B1D52D27F0CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1270_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C07E80D5-70A5-49C9-9044-D683C7ECCFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1271_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "63668AF4-F29C-4424-8EC5-2F0A5950DD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E86616FE-0C3F-4984-A364-8A6A9F01DAD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C1C7CD-538D-4D7A-A81C-10DF5376A479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5922F749-2B23-44B8-8A46-F31BCAEAD279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C48BBAF-6B27-43D6-B86B-40CD8E7BA056",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D75D0EEB-707C-4C86-A569-E91E9F00BA77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1275l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0FB0E20-0243-40A1-8DEF-37150791222E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1276_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68CFF26D-8AD3-4179-9E4C-F06D7C858C9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1278l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7541572C-229F-4963-B7F0-06EB3323E53B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DE669C-27FD-4196-8B8C-1DA4EE4C1D6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "479F7C77-D16F-4E40-9026-3EB8422E0401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A242AC2-9AA6-43FD-90F4-5BF6E80DBB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "04DB08C8-0018-4A8E-A206-097BDDF83B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1280_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7193E85-30BE-42D5-A26B-3F88817F3574",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1281_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "446E8515-45FC-4B8B-8D12-60643D64C07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBBDF6B2-D388-4639-87D8-064AA3F6B6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "00AAB8B6-B614-4EAA-BA90-C5326CB5D07A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A371DF9-E224-404F-99C2-C2A4607E62D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F40E356-365D-44B7-8C38-A0C89DDD6D3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1285l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3132029-89F8-4359-A0DC-A275785266A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1286_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B02F5685-0636-48AB-B222-434CA1F3B336",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1286l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E51FDD60-88E5-4A86-BB8E-4C2D7EDEFA03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1290:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3ED4693C-DECF-4434-90C0-56158F102E7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1290_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB408A6B-0842-43DA-9180-B0A299FCBCE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1501l_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6215EBAC-7C75-4647-9970-482120897F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1501m_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3357FCAC-B6C4-4E3E-A40B-AB5084A7F9B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B1BD2B6-1AF6-4AD4-94FA-94B453A21908",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505l_v6:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D1FD6E8-80EC-461F-9ED1-CE5912399E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e3_1505m_v5:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E96F585E-BDEF-45EE-B0AB-94FE23753AC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2650l_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3279C067-3058-4D46-A739-05404FD0E9B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB4DF0A7-8BC2-48AE-9036-FED6EEC57DF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0855225-F501-486A-BD03-2A86FD252B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "214C7B0C-C438-4000-9F9B-6D83294243AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C91AA2E-4BB2-49C8-9364-4E363DF42CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2658a_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA26781F-5A1C-4DA5-835E-D984D697F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EEA4222-F25D-4457-80AA-6D05CA918D68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F3E60D1-5CF9-4F96-9EDB-D87F8CF57272",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4D321BC-6B1D-4C71-8E16-5A1319CEFD6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2660_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6777AC35-9D1F-4153-94AC-B25627D730E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2665:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F063F4-8994-4E46-BA7B-A12A112009BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D6F2DE5-AF11-439A-8D37-30CB882ECD58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E213DD86-5419-42C8-BF38-7795DDB3C582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A972291E-5231-439D-873B-2F87BCAF800A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2667_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C089CC54-3229-43D7-AA15-73CFA1A43EE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF268D83-C15D-4559-A46F-844E1D9264F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFE97C0D-3EA1-4314-A74A-7845C7778FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2670_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34293F29-F327-4ADD-BF62-78F63F79BB96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680:*:*:*:*:*:*:*",
              "matchCriteriaId": "528C0A46-1CC4-4882-985A-0BB41525BC6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "643F3522-A452-4927-944D-532574EC4243",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "58F40B78-4DBA-44EE-8420-086789EFF53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2680_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "423BFD8F-4B50-43DA-9979-75FD18FBC953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2683_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BAD4A68-0481-476F-BBBD-3D515331368C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2683_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "838CEB7C-7C4C-416C-86CE-6E8DD47EF25B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC7D021F-3C97-45B3-B1F7-0AC26959F22B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A31AEF3-448D-417B-9589-4BA0A06F2FE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7A1D96F-7FFD-413F-ABCE-4530C3D63040",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2687w_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB2B08B-D3C7-4B82-B170-471D6CDEFAE5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B8343FE-1320-40AE-A37F-70EF1A4AC4B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD42BA5A-7DA0-409D-8685-E43CF9B61D9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5FF80E9-CF28-4EF6-9CFE-4B500A434674",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2690_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7896A6C6-5918-4C27-85AF-6FEEFC7F8FD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "647B77A4-2F49-4989-AF43-961D69037370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "805B1E33-F279-4303-9DF3-C81039A40C1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2695_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B971EA9E-AE5C-4A1D-AD55-8241F7B38C9C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7E0AAE-6539-4024-9055-BE0BAD702143",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1A8828-0765-4799-AD6C-143F45FAAD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D34618-1CCA-405B-A49C-EB384A09C2C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2697a_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "575D6061-66BC-4862-BC84-ECD82D436E2A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2698_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56B6EE64-1AD4-46B2-BA65-BB6282E56EB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2698_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "11650B45-0BDA-42BF-AEF3-83B48DD6A71D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C92BA-827B-48AF-BBB3-FB60A9053C22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC097E24-F6C9-40D9-95E9-7EFDFA61AFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699a_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EB44CA7-DFE6-4B1A-9A63-97AE30017E49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:2699r_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B305EFA-6226-412C-90EE-F0691F2DDDE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4603:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F3874FA-63CB-4B5D-8B64-CE920320A4E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4603_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0800ED17-50E4-43F3-B46C-591DFA818BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4607:*:*:*:*:*:*:*",
              "matchCriteriaId": "A46B0405-F301-4209-8766-6E12EAFAD157",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4607_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F99F9F1F-A967-4884-96CF-4488102DC0A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9B37AD-4599-425B-B39F-E571F4975266",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5A5F1CF-A1E6-45F1-8B09-36566778DB57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "698C8A49-888B-4675-B3B0-25EDE2FD515E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4610_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D98F97-8EF4-48B5-84BE-C3CC27031FDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4617:*:*:*:*:*:*:*",
              "matchCriteriaId": "B473D1FA-909B-492E-9C5B-94B0E20E1C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD5EA7E-322E-4CE6-89D4-7DB1055C9034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "67836379-4E1A-45CD-9506-7D3F612E47C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B1BBC61-8664-4452-93A7-DDB4D2E4C802",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4620_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4F1B50C-FC5F-47F4-87BC-60E1BD3DD1F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4624l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "044F0375-DF2F-4D9B-AD7E-473D34165E8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CEE9B72-5C4C-40C0-A8A7-9DF11655DA43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A0655CA-A88C-4632-9A18-560E3F63B2F7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4627_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C1454DD-DA51-4CBC-8BB2-09D5AB5777DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4628l_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6965851-3B29-4C21-9556-97FD731EAA85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640:*:*:*:*:*:*:*",
              "matchCriteriaId": "52984FD2-44E0-4E91-B290-0376737EEF6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C5D92E2-E718-4247-BA5D-DFE86C0F6AAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF933366-7503-4F8D-B7AA-F6A16210EC37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4640_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E2DAF5D-5BB7-49C6-8426-8B547505B6FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4648_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EABB21D-D021-434B-B147-CAF687097A5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650:*:*:*:*:*:*:*",
              "matchCriteriaId": "7609424D-95F1-4493-A20C-B1BA4EC6439D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "966DC636-C802-4D9F-8162-652AFB931203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A75794EB-A5AF-43F0-985F-D9E36F04C6D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C2CFF0-98FD-4A0D-8949-D554B2FE53D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4650l:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F9217F-5028-4659-AA8E-F60548DE4D52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4655_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AC769DC-CF2E-4A3C-A610-264F024E6279",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4655_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2B1CBF-D155-49BC-81A4-4172F177A5C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4657l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "370B2B32-519E-4373-8A04-5C5025D688BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4660_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83D9B562-C279-4A55-A347-F28FC4F9CD12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4660_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A8C2BA0-48A8-4107-8681-A7C34C553D8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4667_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1B009DE-A82F-4569-9B42-EC1EC4DA8A40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4667_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "683B6E83-37FF-4F9B-915F-059EBB29DB53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4669_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E218718F-4BE6-48B0-A204-9DD4A932A654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5:4669_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0AB327-B60A-473C-9D36-97766EE62D7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DA249EE-4786-4E27-8787-5E8B88C2AEB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBD0529-1CF3-44E5-85B3-19A3323C9493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1428l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D664EE97-07EC-410F-94C3-AEAB2C6A627D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D31DB981-03B1-4A84-8D87-CD407C3C149F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CBD155D-89D9-4677-A621-4D7613BE65C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02BD0D4-FFFD-4355-97D8-170362F10B9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1620_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6635781A-2651-4EF2-A5AC-AEEEE63FDE6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1630_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DCE6930-760A-48C0-B964-1E3ED6A8517C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1630_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E52DE90-DF96-4CE7-B8D1-226BA50E4D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8EB40E7-9B91-4106-B303-2B70AF395BFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB0D5CD-8AF3-409D-96A7-718641D4B90D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E420B0B-0CD5-41C7-B25A-3DB856055F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1650_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B0C295B-0D63-4BE7-830D-D927E00C301C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "605C340D-2220-4669-B827-9009CB099E8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8791879D-2908-4F57-8DB3-6D24100A9108",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEBEDBBA-0427-4DE0-BA8D-737DE7DF80E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1660_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E823DC5B-98BE-4656-BFBF-3A7018F8F213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1680_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "64E8D558-ADE0-4358-9C76-7BD77BF23AA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_1680_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7973B3D0-F244-4E26-88F5-A2D9BF2E4503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2403:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "68E6BAB9-CBA4-4362-BC82-00D2C5CC6FB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2403_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD3F4BFF-3CBE-4E4B-8B29-B203F99CFD8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2407:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F5CB567-4F86-4466-BE4D-BFF557ACAE0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2407_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A52611B-6583-4660-90D7-C9472728072B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2408l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E80C6E89-B57C-47BB-8B95-50C03DFB3B96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9AB685B-FEE1-41EF-A046-1B34619E12A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB9F6724-967A-4AF0-9896-12BF6164B2CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2418l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC1116BF-12D7-47CC-98DB-18B200CF9C16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2420:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBB28DE-726B-4AF0-88A5-35987E1E648B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2420_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EA1DB22-8FBF-4CF6-AA96-5B68EE28877D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1880E2B8-5E0E-4603-8D17-3ABA43D28179",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FAFBB92-1917-4238-832B-195FBE418271",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2428l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DFDF3F-9A3F-42B8-99A1-A3F76B198358",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8778F972-BF34-482F-9FA7-71A77F6138E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F288BB0-FE7A-4900-B227-BE80E4F4AADF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A8DC53A-90C6-47FE-89F1-A1FE8B1C07A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2430l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "57E16338-A094-4CA9-B77F-6FE42D3B422C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2438l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E07AB33-5351-487D-9602-495489C7C0B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2440:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "22115ED6-1707-4840-B0D1-AD36BC0C75A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2440_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7C633BC-831F-4CB7-9D62-16693444B216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2448l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CF5EE7E-F41B-44EC-9F69-7963B1BF1FB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2448l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DD501E1-E78F-44C6-8A13-C29337B07EBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9085BA0B-B7E2-4908-90C0-B4183891C718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2267CB8-0EE9-4DBD-AD5F-8A13BB62673C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "81971C2F-137A-4F11-8C93-3B99D4CD1B58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2450l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "98E0BDAC-398E-406B-B2DB-AE049D6E98B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2470:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCB66D7E-B465-4A8B-8CBD-7E93CCA2CD6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2470_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86AFDE6C-DE58-4C4D-882E-474EF6C3D934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "950C6BF9-AA47-4287-AC01-D183237490FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2355181D-D8EE-4F80-8280-13D5CBCF4779",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5209343F-66B0-4DC0-9111-E2E64CFF7409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2603_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "720109A6-B79E-48E1-9AE7-7708B154788E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "82FF0DBD-AE13-4232-80F7-F4C2E2CC9721",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2608l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5E944ED-8C02-46B8-BF95-0CE4C352753B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "77AEA3D1-4846-46E2-9B80-20B19F00DC11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1576978F-E93D-4A47-90B6-6A4E3A7DE558",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D339FE5-001F-4005-88A5-CFFE37F9B63E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2609_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BDABA86-497E-497E-A5BA-46F913A4840A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD886F4C-DB6F-4DDD-9807-8BCBB625C226",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E16912A-7F6A-4A2B-B70F-D1FCD34BC7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2618l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C454B7-E5F4-4AAE-B577-FD71FA002C8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "38BE2781-3A06-4D62-AC8B-68B721DA526B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9AE4EA5-B8C8-4AE2-9614-F9DBDB4D79DC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DA23772-2EB8-4BEE-8703-26D967EC4503",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2620_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "72DC766A-B1F9-4B83-9F9B-CF603EE476BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2623_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EA594740-43C5-4F42-BA5B-00CA8AE7BB60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2623_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "572B16E2-8118-43A0-9A80-5D96831D55FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB5C551-BADC-4A3A-93E5-2EBCA0704C51",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5383B7A3-1569-4FEB-B299-B87CE8C8A87B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2628l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A05BBDE0-6C47-4489-9455-7DA7D230ECA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1789AA69-EA31-44D1-82E6-228E48E18586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A7D5FF-3B1F-4C64-BB81-7A349765520D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D93A92E9-C8D2-4F6E-A5CA-E8AFFEEC7E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F0498B3-393A-4C32-B338-E6014B956755",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C451F752-6869-4AFA-BAE5-5C9A54427BF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "83710FD1-099B-436D-9640-061D515E10BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "517B71CE-6156-40E1-B068-A2B733E205E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2630l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DEEEE5-5055-4CE1-962C-C5F075F4CC02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8718DDAB-3208-48CF-9BCE-54DA1257C16A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE1AA901-E822-4240-9D82-C9311E4F87B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1CDE3DF-8E79-4997-94EB-B517FFCAE55C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2637_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "12A0DE13-EB0B-493B-BC84-3AEB3D454776",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1727697B-1F59-4E29-B036-C32E9076C523",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E69E827C-C0D0-46C7-913A-1C1E02CEAACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2528F3F9-34DC-41DA-8926-382CB3EF5560",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2640_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E452C262-5A8D-4D97-BC7F-A4F5FF53A659",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D57BF69-D750-4278-98AA-976B0D28E347",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "76ADAE30-6CAD-4F5B-B6F7-C18953144C63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A25D792-E21D-43EE-8B9D-67DE066DE5DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2643_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C669783-C058-4B4F-BB9A-84B2C4682247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "159B088B-9A85-4CAA-854A-AA080E528F95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBE74A94-FE8F-4749-A35A-AB7D57E24913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "990AC341-0E67-4A81-87E9-EE3EFD9E847E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2648l_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "53BC18B0-58F1-4477-9978-CA7383C197FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "474992FB-842D-4661-A565-44AF2CD78693",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "476E1B79-5342-4895-96D7-E97DFC1F5334",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBD318D5-89A6-4E28-939C-C5B61396806B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650_v4:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "981AD3FF-1D14-4ECD-8B6F-BCEB7F2409AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A32C7E89-32ED-4328-9313-FA7D3DDBDC58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v2:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2792EED8-2CBD-478E-BC09-05FE830B3147",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e5_2650l_v3:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "97B1AF2F-6E48-4DBD-A60E-3088CA4C3771",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2803:*:*:*:*:*:*:*",
              "matchCriteriaId": "34E1691D-65B3-45E4-A544-8B29E38D569D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2820:*:*:*:*:*:*:*",
              "matchCriteriaId": "E42F2703-B8AB-410E-AF7B-CD0BE777F061",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2830:*:*:*:*:*:*:*",
              "matchCriteriaId": "31244C94-00A3-499C-A91A-1BEF2FB0E6B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2850:*:*:*:*:*:*:*",
              "matchCriteriaId": "878FF6E8-8A6D-44CE-9DD1-2C912AB8A193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5078A95B-2BD8-4A37-A356-F53D1A53CB37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2860:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BFE67CD-DE53-4C4E-8245-35902AEFA6E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2870:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F231D31-3AAD-4C5D-A225-D2DF94486718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5998DF5D-E785-45EC-B8D0-1F4EC4F96D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EADFD013-0BFB-427C-98E6-F9E4774DCBC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:2890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "58620B10-FEA6-456D-B6B5-2745F5DBE82D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4807:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8F698B1-D9CF-4FE5-933D-EFCEA3056E3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4858A1F0-97F2-4258-AB98-027BF1EC5117",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C961A8B-EAFD-4F66-9432-BCC0D154ECCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4809_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "052DE6CD-A1E7-4E81-B476-66EF451061C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BE1AE1E-6FC0-41D8-857C-C5A99CAF5823",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "751B3AC8-D45E-46B6-83D5-311B693F3C0D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9588277A-0B97-4408-9CF7-11271CDAADD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4820_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "479FE854-85E5-4ED0-BFAF-2618C9053082",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830:*:*:*:*:*:*:*",
              "matchCriteriaId": "E048B9BF-77C8-49F7-9F2D-9999F79BA264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CD16D4D-E816-486D-96F4-5A2BF75B959F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "169C558E-1A83-47D5-A66B-035BD1DD56FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4830_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D683E509-3FB2-4175-BCAB-4EB1B5C04958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FCFA915-5445-4732-9F8F-D7561BA4177F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "63A9FD98-C22D-48F6-87A1-60791C818A1E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "85F99F24-1783-4E6E-BE61-04C2E80356ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4850_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "74CC7EB9-3F59-4C0A-B3A1-984BCCFB25BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4860:*:*:*:*:*:*:*",
              "matchCriteriaId": "85289E4C-C813-4677-867D-EE8E98F4A1A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4860_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C8150F-BEFA-406D-9F0D-E7CB187E26AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4870:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E807F90-819F-4103-B1F7-4CE46971BD63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD93203F-71B9-4F87-B5D8-FD273451C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E652C74-C48D-4F29-9E85-09325632443F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:4890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "99158191-3013-4182-8A53-5DFCA1E2C60A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8830:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7E39A3E-7EAE-47C9-930B-58A980B73FC5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8837:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFDA54BA-C00D-4890-9B7F-328257607B21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8850:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F5EFB1E-334C-4B55-8E2E-6AE19B34774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8850_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8260DCA-2F0C-45F7-B35F-D489AF5639F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8857_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7778F81B-6D05-4666-B1D4-53DB0EC16858",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DC6706A-61F7-4AA0-B2FF-0FFDF739A644",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EF1B16B-02F2-4ECA-938E-B5CDCFC67816",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8860_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5501D8-1B0D-4F5A-AFD7-C63181D3281F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1751F0CE-A0D3-40E2-8EEC-D31141FE33A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FF9AFA7-BBE8-4229-94CB-5A9596728BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8867l:*:*:*:*:*:*:*",
              "matchCriteriaId": "E23A777F-68A4-4217-A75A-4D8A27E6451A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CA27DFB-CDD1-4F52-86B3-DB2320A9C7B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "392A4337-11F6-4980-A138-4FDBCAD0EBA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E2E9BB67-F1FF-4190-889F-78B965CCE934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8870_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4185A70-5D10-448E-A9AB-AA9D5CDF0FF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "35607317-0928-4297-A33E-D44BEE1BBEC9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D48323B1-7FEB-451F-A064-23E7CE7F6403",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "29EF4E8A-EF37-4DCC-B5D4-DA89AF31DD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5763189-7980-4A72-92C9-1908FE9E15EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8880l_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C53ACD49-DA21-4DDE-A0AA-FCCD59D29886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4326D350-EBC2-48E6-A2C6-0499F6826CEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8594E6FE-B6DB-4343-B3DD-AEC19923DAF9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8890_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BCADA00-E453-414D-9933-FCB43D21BBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E62212D9-F707-4A8E-AB2A-A3985E7A4049",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "561755A8-8AAD-4F41-8266-747EFDAF2D55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8891_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6F4BB0F-DAF4-479B-B78A-7929C151AA1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A207312E-1D35-4464-A111-22C4C793E146",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9B16E32-07D5-445B-BAA5-4E4A0881BFC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8893_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CF08F6B-2ECB-414C-82D7-C06085BF8B10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_e7:8894_v4:*:*:*:*:*:*:*",
              "matchCriteriaId": "21032BE3-74D8-4C3F-B461-158F475B6853",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5115:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F9AC992-59B7-44EE-9FF3-567AC48938AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5118:*:*:*:*:*:*:*",
              "matchCriteriaId": "B44B3BFF-649A-4C1E-9564-EFA007FA2BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5119t:*:*:*:*:*:*:*",
              "matchCriteriaId": "C04EDD71-15B3-4085-828C-BB7A43DBDCC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5120:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC1BA7AC-989B-4093-841A-C6D5978BF17F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5120t:*:*:*:*:*:*:*",
              "matchCriteriaId": "1874F848-B15B-4369-A164-5FA11D2B9AFE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:5122:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E46F934-9765-43ED-88A7-A4778C99A976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6126:*:*:*:*:*:*:*",
              "matchCriteriaId": "380A8F4F-7D1F-4F79-B555-E5AE18EF9F5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6126f:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8D5217E-9520-4FDB-9330-C8DC2CDDAA70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6126t:*:*:*:*:*:*:*",
              "matchCriteriaId": "B206674F-1A34-470B-820C-05F9C37792CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6128:*:*:*:*:*:*:*",
              "matchCriteriaId": "63AE2051-9F8E-4477-8E1E-38A1E06AD247",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6130:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B39281F-990C-4AA3-9287-CCB5BA7E8AC8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6130f:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EDC0FCF-BD22-42AD-8044-9A64215B91CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6130t:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E0ED8AA-56D8-4CB6-A765-706BE87C9E30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6132:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA890C07-7940-4DF4-96FB-8F71A2EFE5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6134:*:*:*:*:*:*:*",
              "matchCriteriaId": "E95A34F0-0B74-4031-BC9E-CBC93665BE68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6134m:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CD3CF38-0DDD-4C1C-B420-4DE0B1C932CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6136:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BB22DF7-15CE-4340-A05F-BD39FCA41F50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6138:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BA72DC8-2E4E-453A-A3FB-20F31D32B973",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6138f:*:*:*:*:*:*:*",
              "matchCriteriaId": "758E45B6-7C7A-432D-891D-CB99077AE3B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6138t:*:*:*:*:*:*:*",
              "matchCriteriaId": "06B3CDFF-B055-4BB4-98FB-DFF4B2E63A29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6140:*:*:*:*:*:*:*",
              "matchCriteriaId": "26D7A401-BCE1-4673-93C9-67F009B75A39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6140m:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E62119B-2A65-4473-B570-F118614B0ED6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6142:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E5319E0-909C-4688-AAA6-6A0B5D19FFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6142f:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F83F9F9-D2DB-4D40-AD61-29E66B050B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6142m:*:*:*:*:*:*:*",
              "matchCriteriaId": "91BE6238-312E-4CF7-9E74-48CB5603B0FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6144:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC09EB6D-7FAC-4B61-83A5-B0DC18D54EB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6146:*:*:*:*:*:*:*",
              "matchCriteriaId": "33BA1BE0-0A78-4E94-A619-35735C913180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6148:*:*:*:*:*:*:*",
              "matchCriteriaId": "3FDD838C-8037-49E1-BAB4-C1D7D29BB9D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6148f:*:*:*:*:*:*:*",
              "matchCriteriaId": "24CA40FE-80C5-4A20-8219-CEF51F3162FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6150:*:*:*:*:*:*:*",
              "matchCriteriaId": "B10305C5-0C2C-48B7-A0AD-2B24AD722EBC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6152:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E8F127-6EAE-4302-BD52-7C3FCCA307D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_gold:6154:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D675EA9-33E7-45ED-B6A9-7117AD2FEE26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7210:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E468FE-73BE-4B20-B774-58EC7CD20CDB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7210f:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF6B19B-7D45-44B3-8524-407253B93EEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7230:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B803FAD-E54D-49FE-A078-029B8FFBBB98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7230f:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC511505-ED67-45B4-B76C-56AB750C4408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7235:*:*:*:*:*:*:*",
              "matchCriteriaId": "A430C232-79EB-4264-AE24-41D4A2A5D990",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7250:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A9E3D4B-A3DF-4858-8C64-0316B6E57435",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7250f:*:*:*:*:*:*:*",
              "matchCriteriaId": "19108672-E1AA-41CC-B86C-061D3721C8B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7285:*:*:*:*:*:*:*",
              "matchCriteriaId": "200D36CF-AEDE-4183-8C54-748E6E5A3218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7290:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF13A44-5163-4282-8EE8-7DC05499B5E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7290f:*:*:*:*:*:*:*",
              "matchCriteriaId": "827C12CE-D87D-489D-ABA7-BE0405EC33D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_phi:7295:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AA78F7-520B-4FFC-838C-DC74FEE8E13F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8153:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CB2949C-4699-49EF-83EB-31199E0CE2DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8156:*:*:*:*:*:*:*",
              "matchCriteriaId": "66C169DC-EEFE-4DE6-A3D0-65B606527240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8158:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD28227A-8888-43B2-BC41-8D54B49DA58C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160:*:*:*:*:*:*:*",
              "matchCriteriaId": "7984BAEA-4518-4E17-830E-B34D09648BD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160f:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2214E5-491E-448F-A4B6-A497FB44D722",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160m:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AE93013-C262-46A5-8E77-D647881EE632",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8160t:*:*:*:*:*:*:*",
              "matchCriteriaId": "85B53CEC-943F-4966-8EC1-CB2C6AD6A15B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8164:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEAC04A3-EBE3-406B-B784-A3547162ECE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8168:*:*:*:*:*:*:*",
              "matchCriteriaId": "15720FFE-B2A4-4347-BCD7-DFA6774C0B8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8170:*:*:*:*:*:*:*",
              "matchCriteriaId": "50F46B0E-C746-44B4-B343-E3DCAB4B98DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8170m:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AE30903-4F75-4D71-A8BB-44D1099E9837",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176:*:*:*:*:*:*:*",
              "matchCriteriaId": "98311EAA-26C8-4092-8BE5-4E7BEAA68DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176f:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8CF348-811C-4342-ACB9-AFCABCC34331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8176m:*:*:*:*:*:*:*",
              "matchCriteriaId": "71998EC5-EC0F-496C-B658-3CD91D824944",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_platinum:8180:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1F19B2A-E7A1-4B97-AC40-02B0D3673555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4108:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB6387C9-C0A8-4B26-BC62-802775CD0AD3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4109t:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFEB0164-77C2-4EC2-92FD-5FCE246119CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4110:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDB20210-337C-4220-8CA1-F4B2BC54EBC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4112:*:*:*:*:*:*:*",
              "matchCriteriaId": "F699569F-4F52-4CC0-90D9-CC4CBC32428A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4114:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBAED22B-D097-49C4-ADDF-4B3F3E1262D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4114t:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACF5C3C2-EE69-4DE7-A76C-C797192EE7A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4116:*:*:*:*:*:*:*",
              "matchCriteriaId": "7756B588-5A63-4508-8BDD-92DB8CB0F4AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:intel:xeon_silver:4116t:*:*:*:*:*:*:*",
              "matchCriteriaId": "316E26AE-67A5-4E75-8F9B-ECF4A03AED51",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:9:*:*:*:*:*:*:*",
              "matchCriteriaId": "A51E86F5-8F94-4E7C-9A63-DAA3FCBE0438",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:15:*:*:*:*:*:*:*",
              "matchCriteriaId": "001AB619-157E-40B4-B86C-5DB18245D62F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:17:*:*:*:*:*:*:*",
              "matchCriteriaId": "1221FB4F-488A-4A52-8788-82ECBF92113B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:57:*:*:*:*:*:*:*",
              "matchCriteriaId": "38D51E27-28A3-47A1-9C36-1A223858E352",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:72:*:*:*:*:*:*:*",
              "matchCriteriaId": "365DF3EF-E7D1-41FC-8382-D3B095542D59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:73:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0B2B122-34A9-4534-A996-8FEAACA71A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:arm:cortex-a:75:*:*:*:*:*:*:*",
              "matchCriteriaId": "C850453B-CDB1-490D-B551-9AC0B27D8A67",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:-:*:*:*:*:*:*",
              "matchCriteriaId": "7151A19C-0AE5-4F66-9E3D-8BF675A8430C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "BEEB72F4-AE57-49DD-8876-1BCA7B805692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:siemens:simatic_winac_rtx_\\(f\\)_firmware:2010:sp2:*:*:*:*:*:*",
              "matchCriteriaId": "7929F123-AC76-4F49-940F-558CABC25E75",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:siemens:simatic_winac_rtx_\\(f\\)_2010:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6034789-ABD1-4035-8378-F0BA7157B087",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C403C49F-3779-4A7A-8D12-B4A32BFD77CF",
              "versionEndExcluding": "5.1.32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:vm_virtualbox:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AEC1DE4-F01C-4D21-8FB6-A0D4460D6CD0",
              "versionEndExcluding": "5.2.6",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
    },
    {
      "lang": "es",
      "value": "Los sistemas con microprocesadores con ejecuci\u00f3n especulativa y predicci\u00f3n indirecta de ramas podr\u00edan permitir la revelaci\u00f3n no autorizada de informaci\u00f3n al atacante con acceso de usuario local mediante un an\u00e1lisis de un canal lateral."
    }
  ],
  "id": "CVE-2017-5715",
  "lastModified": "2024-11-21T03:28:16.943",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 1.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-01-04T13:29:00.227",
  "references": [
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/584653"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102376"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040071"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-254.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0292"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
    },
    {
      "source": "secure@intel.com",
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/36"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Nov/16"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201810-06"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2017-5715"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://spectreattack.com/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX231399"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K91229003"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3531-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3531-3/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3540-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3541-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3542-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3549-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3560-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3561-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3580-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3581-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3581-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3582-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3582-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3594-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3597-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3597-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3620-2/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3690-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-3/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4120"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4187"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4188"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43427/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/180049"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_01"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
    },
    {
      "source": "secure@intel.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "http://www.kb.cert.org/vuls/id/584653"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/102376"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040071"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-254.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "Vendor Advisory"
      ],
      "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/36"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Nov/16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201810-06"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.paloaltonetworks.com/CVE-2017-5715"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://spectreattack.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.citrix.com/article/CTX231399"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K91229003"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3531-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3531-3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3540-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3541-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3542-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3549-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3560-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3561-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3580-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3581-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3581-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3582-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3582-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3594-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3597-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3597-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3620-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3690-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3777-3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4120"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4187"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4188"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4213"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/43427/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/180049"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/support/security/Synology_SA_18_01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
    }
  ],
  "sourceIdentifier": "secure@intel.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-12 15:15
Modified
2024-11-21 06:08
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
References
security@apache.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10366Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3EMailing List, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.debian.org/debian-lts-announce/2021/08/msg00009.htmlMailing List, Third Party Advisory
security@apache.orghttps://security.gentoo.org/glsa/202208-34Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20210827-0007/Third Party Advisory
security@apache.orghttps://www.debian.org/security/2021/dsa-4952Third Party Advisory
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10366Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3EMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/08/msg00009.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202208-34Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210827-0007/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4952Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache tomcat *
apache tomcat *
apache tomcat *
apache tomee 8.0.6
debian debian_linux 9.0
debian debian_linux 10.0
oracle agile_plm 9.3.6
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
oracle communications_diameter_signaling_router *
oracle communications_instant_messaging_server 10.0.1.5.0
oracle communications_policy_management 12.5.0
oracle communications_pricing_design_center 12.0.0.3.0
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle graph_server_and_client *
oracle healthcare_translational_research 4.1.0
oracle hospitality_cruise_shipboard_property_management_system 20.1.0
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle managed_file_transfer 12.2.1.3.0
oracle managed_file_transfer 12.2.1.4.0
oracle mysql_enterprise_monitor *
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1
oracle secure_global_desktop 5.6
oracle utilities_testing_accelerator 6.0.0.1.1
oracle utilities_testing_accelerator 6.0.0.2.2
oracle utilities_testing_accelerator 6.0.0.3.1
mcafee epolicy_orchestrator *
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A733D5AD-3CD1-4D8E-8114-00EE3C39AF59",
              "versionEndIncluding": "8.5.66",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "201299B5-52B5-4845-A9E5-22A533A935A3",
              "versionEndIncluding": "9.0.46",
              "versionStartExcluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C73FF8E1-9BE4-404F-B88C-AB7DBF25168E",
              "versionEndIncluding": "10.0.6",
              "versionStartExcluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomee:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD41F07F-EDA1-45B1-8BB4-2918918527D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
              "versionEndIncluding": "8.5.0.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B7C949D-0AB3-4566-9096-014C82FC1CF1",
              "versionEndIncluding": "8.2.4.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FDBAD8E-C926-4D6F-9FD2-B0428980D6DF",
              "versionEndIncluding": "8.2.4",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29312DB7-AFD2-459E-A166-95437ABED12C",
              "versionEndExcluding": "21.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "523391D8-CB84-4EBD-B337-6A99F52E537F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F5B430-8BA1-4865-93B5-0DE89F424B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "88627B99-16DC-4878-A63A-A40F6FC1F477",
              "versionEndIncluding": "8.0.25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA11710-9EA8-49B4-8FD1-3AEE442F6ADC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5B4C338-11E1-4235-9D5A-960B2711AC39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C93F84E-9680-44EF-8656-D27440B51698",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A30F7908-5AF6-4761-BC6A-4C18EFAE48E5",
              "versionEndExcluding": "5.10.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_10:*:*:*:*:*:*",
              "matchCriteriaId": "DB88C165-BB24-49FB-AAF6-087A766D5AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_4:*:*:*:*:*:*",
              "matchCriteriaId": "46385384-5561-40AA-9FDE-A2DE4FDFAD3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_5:*:*:*:*:*:*",
              "matchCriteriaId": "B7CA7CA6-7CF2-48F6-81B5-69BA0A37EF4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_6:*:*:*:*:*:*",
              "matchCriteriaId": "9E4E5481-1070-4E1F-8679-1985DE4E785A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_7:*:*:*:*:*:*",
              "matchCriteriaId": "D9EEA681-67FF-43B3-8610-0FA17FD279E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_8:*:*:*:*:*:*",
              "matchCriteriaId": "C33BA8EA-793D-4E79-BE9C-235ACE717216",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_9:*:*:*:*:*:*",
              "matchCriteriaId": "823DBE80-CB8D-4981-AE7C-28F3FDD40451",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding."
    },
    {
      "lang": "es",
      "value": "Apache Tomcat versiones 10.0.0-M1 hasta 10.0.6, versiones 9.0.0.M1 hasta 9.0.46 y versiones 8.5.0 hasta 8.5.66, no analizaban correctamente el encabezado de petici\u00f3n HTTP transfer-encoding en algunas circunstancias, conllevando a la posibilidad de contrabando de peticiones cuando se usaba con un proxy inverso. Espec\u00edficamente: - Tomcat ignoraba incorrectamente el encabezado de codificaci\u00f3n de transferencia si el cliente declaraba que s\u00f3lo aceptar\u00eda una respuesta HTTP/1.0; - Tomcat honraba la codificaci\u00f3n de identificaci\u00f3n; y - Tomcat no se aseguraba de que, si estaba presente, la codificaci\u00f3n en trozos fuera la codificaci\u00f3n final"
    }
  ],
  "id": "CVE-2021-33037",
  "lastModified": "2024-11-21T06:08:10.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-12T15:15:08.400",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-34"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4952"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-444"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-14 21:15
Modified
2024-11-21 05:02
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2688Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200702-0003/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2688Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200702-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B92AF50-0155-471E-B5C4-1CFD95F4B7D0",
              "versionEndExcluding": "2.9.10.5",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionada con oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (tambi\u00e9n se conoce como apache/drill)"
    }
  ],
  "id": "CVE-2020-14060",
  "lastModified": "2024-11-21T05:02:27.900",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-14T21:15:09.817",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2688"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2688"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-29 12:15
Modified
2024-11-21 04:26
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
References
cve@mitre.orghttp://seclists.org/fulldisclosure/2022/Mar/23Mailing List, Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHBA-2019:2824Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2743Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2858Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2935Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2936Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2937Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2938Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2998Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3044Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3045Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3046Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3050Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3149Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3200Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3292Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3297Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3901Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2020:0727Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2Patch, Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2387Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/08/msg00011.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190814-0001/Third Party Advisory
cve@mitre.orghttps://support.apple.com/kb/HT213189Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2022/Mar/23Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHBA-2019:2824Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2743Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2858Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2935Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2936Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2937Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2938Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2998Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3044Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3045Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3046Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3050Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3149Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3200Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3292Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3297Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3901Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0727Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2387Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/08/msg00011.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190814-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT213189Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
debian debian_linux 8.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp oncommand_workflow_automation -
netapp service_level_manager -
netapp snapcenter -
fedoraproject fedora 29
fedoraproject fedora 30
fedoraproject fedora 31
redhat jboss_enterprise_application_platform 7.2
redhat jboss_enterprise_application_platform 7.3
redhat openshift_container_platform 4.1
redhat single_sign-on 7.3
redhat enterprise_linux 7.0
redhat openshift_container_platform 3.11
redhat jboss_enterprise_application_platform 7.2
redhat jboss_enterprise_application_platform 7.3
redhat single_sign-on 7.3
redhat enterprise_linux 6.0
redhat jboss_enterprise_application_platform 7.2
redhat jboss_enterprise_application_platform 7.3
redhat single_sign-on 7.3
redhat enterprise_linux 8.0
oracle banking_platform 2.4.0
oracle banking_platform 2.4.1
oracle banking_platform 2.5.0
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.2.1
oracle communications_instant_messaging_server 10.0.1.3.0
oracle financial_services_analytical_applications_infrastructure *
oracle goldengate_stream_analytics *
oracle jd_edwards_enterpriseone_orchestrator 9.2
oracle jd_edwards_enterpriseone_tools 9.2
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle primavera_gateway 18.8.0
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle retail_customer_management_and_segmentation_foundation 17.0
oracle retail_xstore_point_of_service 7.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle siebel_engineering_-_installer_\&_deployment *
oracle siebel_ui_framework *
apple xcode *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD",
              "versionEndExcluding": "2.6.7.3",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89660FC3-9198-414C-B89D-C61A4438BA3B",
              "versionEndExcluding": "2.7.9.6",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB8A2D4-0FDE-4216-896B-52824106B97B",
              "versionEndExcluding": "2.8.11.4",
              "versionStartIncluding": "2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04641592-DAF4-47BB-A9DE-FC4C84A20401",
              "versionEndExcluding": "2.9.9.2",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E939A0E0-3437-459E-9FAB-FE42811B1D32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E939A0E0-3437-459E-9FAB-FE42811B1D32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C3AA5CE-9ACB-4E96-A4C1-50A662D641FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4911A72-5FAE-47C5-A141-2E3CA8E1CCAB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:single_sign-on:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E939A0E0-3437-459E-9FAB-FE42811B1D32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD945A04-174C-46A2-935D-4F92631D1018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51433748-DED0-416D-8BFE-F3493E13772E",
              "versionEndIncluding": "8.0.8",
              "versionStartIncluding": "8.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4",
              "versionEndExcluding": "19.1.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "989598A3-7012-4F57-B172-02404E20D16D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99365245-49E8-4616-BD24-CE564AC1D17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\\u0026_deployment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25993ED6-D4C7-4B68-9F87-274B757A88CC",
              "versionEndIncluding": "19.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F10FB4D-A29B-42B4-B70E-EB82A93F2218",
              "versionEndIncluding": "19.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apple:xcode:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0755E91-2F36-4EC3-8727-E8BF0427E663",
              "versionEndExcluding": "13.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution."
    },
    {
      "lang": "es",
      "value": "El archivo SubTypeValidator.java en jackson-databind de FasterXML en versiones anteriores a la 2.9.9.2 maneja inapropiadamente la escritura predeterminada cuando se usa ehcache (debido a net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), lo que conlleva a la ejecuci\u00f3n de c\u00f3digo remoto."
    }
  ],
  "id": "CVE-2019-14379",
  "lastModified": "2024-11-21T04:26:37.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-29T12:15:16.633",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:2824"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2743"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2858"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2935"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2936"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2937"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2938"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2998"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3044"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3045"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3046"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3050"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3149"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3200"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3292"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3297"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3901"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0727"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2387"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213189"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:2824"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2935"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2936"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2937"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2938"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2998"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3045"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3046"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3050"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3292"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3297"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3901"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2387"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.apple.com/kb/HT213189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1321"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-07-09 20:29
Modified
2024-11-21 03:40
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574Patch
cve@mitre.orghttps://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dcPatch
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3EMailing List
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190204-0003/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dcPatch
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3EMailing List
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190204-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
bouncycastle legion-of-the-bouncy-castle-java-crytography-api *
netapp oncommand_workflow_automation -
opensuse leap 15.1
oracle api_gateway 11.1.2.4.0
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.6.2
oracle business_process_management_suite 11.1.1.9.0
oracle business_process_management_suite 12.1.3.0.0
oracle business_process_management_suite 12.2.1.3.0
oracle business_transaction_management 12.1.0
oracle communications_application_session_controller 3.7.1
oracle communications_application_session_controller 3.8.0
oracle communications_converged_application_server *
oracle communications_converged_application_server 7.0.0.1
oracle communications_convergence 3.0.2
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.2.1
oracle communications_webrtc_session_controller *
oracle communications_webrtc_session_controller 7.2
oracle data_integrator 12.2.1.3.0
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle enterprise_manager_base_platform 13.2.0.0
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_for_fusion_middleware 13.2.0.0
oracle enterprise_manager_for_fusion_middleware 13.3.0.0
oracle enterprise_repository 11.1.1.7.0
oracle enterprise_repository 12.1.3.0.0
oracle managed_file_transfer 12.1.3.0.0
oracle managed_file_transfer 12.2.1.3.0
oracle peoplesoft_enterprise_peopletools 8.55
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
oracle retail_convenience_and_fuel_pos_software 2.8.1
oracle retail_xstore_point_of_service 7.0
oracle retail_xstore_point_of_service 7.1
oracle soa_suite 12.1.3.0.0
oracle soa_suite 12.2.1.3.0
oracle utilities_network_management_system 1.12.0.3
oracle utilities_network_management_system 2.3.0.0
oracle utilities_network_management_system 2.3.0.1
oracle utilities_network_management_system 2.3.0.2
oracle webcenter_portal 11.1.1.9.0
oracle webcenter_portal 12.2.1.3.0
oracle weblogic_server 12.2.1.3


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "103B84A1-259F-499D-BF18-BC356433F826",
              "versionEndExcluding": "1.60",
              "versionStartIncluding": "1.58",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "013043A2-0765-4AF5-ABFC-6A8960FFBFD2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B887E174-57AB-449D-AEE4-82DD1A3E5C84",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_transaction_management:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD9D7511-2934-4974-9C9E-3BE03B846734",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC967A48-D834-4E9B-8CEC-057E7D5B8174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F920CDE4-DF29-4611-93E9-A386C89EDB62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
              "versionEndExcluding": "7.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:7.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BDED89A-7C6F-41E9-A91F-9B09D401F85D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19E630B9-B5E5-442A-B75C-1E4771072A03",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF",
              "versionEndExcluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FEB8446-7EAC-4A8D-B6EE-3AAC2294C324",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F4E0F9A-D925-43FB-A1B7-452EEAE6BE2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "96B35E9A-5557-4D77-AE53-816B3C481E02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEB446C9-1AC2-4D7D-83DE-08934DDFC8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_convenience_and_fuel_pos_software:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "78DE9DFD-BB57-4BCF-BF73-FFCFF62420D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F87FC90-16D0-4051-8280-B0DD4441F10B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:soa_suite:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF4C318C-5D1E-479B-9597-9FAD9E186111",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65994DC4-C9C0-48B0-88AB-E2958B4EB9E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE188B12-D28E-490C-9948-F5305A7D55BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D7B9B6-B41A-4DEA-9946-59A84FAC57E5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EB1CD1A-E760-4357-AF51-B38A852FA980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:2.3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "693C97B5-25B4-4DF3-A7D7-02C722A3DD88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
    },
    {
      "lang": "es",
      "value": "Las API Legion of the Bouncy Castle Java Cryptography de Legion of the Bouncy Castle en versiones hasta 1.58 pero sin incluir la versi\u00f3n 1.60, contiene una debilidad CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027), vulnerabilidad en la deserializaci\u00f3n de la clave privada XMSS/XMSS^MT que puede resultar en desrealizar una clave privada XMSS/XMSS^MT puede resultar en la ejecuci\u00f3n de c\u00f3digo inesperado. Este ataque parece ser explotable por medio de una clave privada artesanal que puede incluir referencias a clases inesperadas que se recoger\u00e1n del class path para la aplicaci\u00f3n en ejecuci\u00f3n. Esta vulnerabilidad parece haber sido solucionada en la versi\u00f3n 1.60 y versiones posteriores."
    }
  ],
  "id": "CVE-2018-1000613",
  "lastModified": "2024-11-21T03:40:13.780",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-07-09T20:29:00.283",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-470"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-26 13:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2662Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2662Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E281E-977E-4195-B131-B7C7A2933B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8EE84-A840-4132-B331-C7D450B1FBBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F058FDA-04BC-4F32-830D-206983770692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionado con org.aoju.bus.proxy.provider.remoting.RmiProvider (tambi\u00e9n se conoce como bus-proxy)."
    }
  ],
  "id": "CVE-2020-10968",
  "lastModified": "2024-11-21T04:56:28.520",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-26T13:15:12.970",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-31 05:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2666Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2666Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E281E-977E-4195-B131-B7C7A2933B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8EE84-A840-4132-B331-C7D450B1FBBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F058FDA-04BC-4F32-830D-206983770692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionado con org.apache.commons.proxy.provider.remoting.RmiProvider (tambi\u00e9n se conoce como apache/commons-proxy)."
    }
  ],
  "id": "CVE-2020-11112",
  "lastModified": "2024-11-21T04:56:49.010",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-31T05:15:13.070",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-07 20:15
Modified
2024-11-21 05:08
Severity ?
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
References
security@apache.orghttps://groovy-lang.org/security.html#CVE-2020-17521Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E
security@apache.orghttps://security.netapp.com/advisory/ntap-20201218-0006/Third Party Advisory
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://groovy-lang.org/security.html#CVE-2020-17521Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20201218-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache groovy *
apache groovy *
apache groovy *
apache groovy 4.0.0
netapp snapcenter -
oracle agile_engineering_data_management 6.2.1.0
oracle agile_plm 9.3.3
oracle agile_plm 9.3.6
oracle agile_plm_mcad_connector 3.4
oracle agile_plm_mcad_connector 3.6
oracle business_process_management_suite 12.2.1.3.0
oracle business_process_management_suite 12.2.1.4.0
oracle communications_brm_-_elastic_charging_engine 11.3.0.9.0
oracle communications_brm_-_elastic_charging_engine 12.0.0.3
oracle communications_diameter_signaling_router 8.4.0.0
oracle communications_evolved_communications_application_server 7.1
oracle communications_services_gatekeeper 6.0
oracle communications_services_gatekeeper 6.1
oracle communications_services_gatekeeper 7.0
oracle healthcare_data_repository 7.0.2
oracle hospitality_opera_5 5.6
oracle ilearning 6.2
oracle ilearning 6.3
oracle insurance_policy_administration *
oracle jd_edwards_enterpriseone_orchestrator 9.2.6.0
oracle primavera_gateway *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle retail_bulk_data_integration 15.0.3.0
oracle retail_bulk_data_integration 16.0.3.0
oracle retail_merchandising_system 16.0.3
oracle retail_store_inventory_management 14.1.3.10
oracle retail_store_inventory_management 15.0.3.5
oracle retail_store_inventory_management 16.0.3.5
apache atlas 2.1.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "456A1063-1BEE-435C-8767-0A994A1E4F9E",
              "versionEndIncluding": "2.4.20",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3AA8344-EDA5-4DD3-8A06-0AA3588420E5",
              "versionEndIncluding": "2.5.13",
              "versionStartIncluding": "2.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:groovy:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC0AC067-60A2-4A32-9A4A-0C24F8BE9D7B",
              "versionEndIncluding": "3.0.6",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:groovy:4.0.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "9A1B3EB0-63AD-41DA-920E-5DF8BCF6217A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "C80E730D-EE38-4E85-A9F8-86D7F44A8488",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0C0714E-4255-4095-B26C-70EB193B8F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0971C780-60F9-4272-9D97-686896F9983A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "06594847-96ED-4541-B2F4-C7331B603603",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A4D2E02-D02C-43F0-9A5A-DE359112C8F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA4E8A1E-FBB5-4EAC-9A7F-6FE95A1B5F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3287751-9F54-4806-81D2-E28A42DF1407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "95D6A426-B914-401F-9AB0-5F5E3A3FE138",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D361A9A8-15B0-4527-868B-80998772F2AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A667A37-59EB-4539-ADCA-D5F789DB6744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E883986-13DA-470F-95C4-BEBD0EDFEB9C",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEEAC2F0-2FD4-455B-BA9E-29F04A060C65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "890D7B8E-772C-4CB3-B208-ADFB0A1D7AD5",
              "versionEndIncluding": "17.12.10",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:15.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "254D8CE1-E821-44A6-9CAF-03D03986478B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5D2391-A8AD-4593-939D-80A6A5839C0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA07EE18-15DE-4846-AADD-A3AC055DA94B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F01362F-FF62-45EB-91E2-AF4D05011837",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:atlas:2.1.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "4223F0EE-9464-4CAA-9745-BDC5402A02F5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy\u0027s implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2."
    },
    {
      "lang": "es",
      "value": "Apache Groovy provee m\u00e9todos de extensi\u00f3n para ayudar a crear directorios temporales. Antes de esta correcci\u00f3n, la implementaci\u00f3n de Groovy de esos m\u00e9todos de extensi\u00f3n utilizaba una llamada al m\u00e9todo JDK de Java ahora reemplazada que potencialmente no es segura en algunos sistemas operativos en algunos contextos. Los usuarios que no usen los m\u00e9todos de extensi\u00f3n mencionados en el aviso no est\u00e1n afectados, pero es posible que deseen leer el aviso para obtener m\u00e1s detalles. Versiones afectadas: 2.0 hasta 2.4.20, 2.5.0 hasta 2.5.13, 3.0.0 hasta 3.0.6 y 4.0.0-alpha-1. Corregido en las versiones 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2"
    }
  ],
  "id": "CVE-2020-17521",
  "lastModified": "2024-11-21T05:08:16.887",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-07T20:15:12.633",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://groovy-lang.org/security.html#CVE-2020-17521"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201218-0006/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://groovy-lang.org/security.html#CVE-2020-17521"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201218-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-08-10 16:29
Modified
2024-11-21 02:42
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
References
security@apache.orghttp://rhn.redhat.com/errata/RHSA-2017-0457.htmlThird Party Advisory
security@apache.orghttp://www.debian.org/security/2016/dsa-3720Third Party Advisory
security@apache.orghttp://www.securityfocus.com/bid/93939Broken Link
security@apache.orghttp://www.securitytracker.com/id/1037144Broken Link
security@apache.orghttps://access.redhat.com/errata/RHSA-2017:0455Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2017:0456Third Party Advisory
security@apache.orghttps://access.redhat.com/errata/RHSA-2017:2247Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://security.netapp.com/advisory/ntap-20180605-0001/Third Party Advisory
security@apache.orghttps://usn.ubuntu.com/4557-1/Third Party Advisory
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2017-0457.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2016/dsa-3720Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/93939Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1037144Broken Link
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0455Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:0456Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:2247Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20180605-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4557-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache tomcat *
apache tomcat *
apache tomcat *
apache tomcat *
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
canonical ubuntu_linux 16.04
debian debian_linux 8.0
redhat jboss_enterprise_web_server 3.0.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_eus 7.4
redhat enterprise_linux_eus 7.5
redhat enterprise_linux_eus 7.6
redhat enterprise_linux_eus 7.7
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_workstation 7.0
netapp oncommand_insight -
netapp oncommand_shift -
netapp snap_creator_framework -
oracle communications_diameter_signaling_router *
oracle tekelec_platform_distribution *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0956A16-7E61-40E4-B107-2A0EEA1208C5",
              "versionEndIncluding": "6.0.45",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DCDF5FD-A879-4E78-A572-78C325F13C85",
              "versionEndIncluding": "7.0.70",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D30B2FCD-09F0-4647-84AE-343ECD724D45",
              "versionEndIncluding": "8.0.36",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E7CA297-C102-4AF2-82D1-EF565ACCD1F5",
              "versionEndIncluding": "8.5.4",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E2F2F98-DB90-43F6-8F28-3656207B6188",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F96E3779-F56A-45FF-BB3D-4980527D721E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF73560-2F5B-4723-A8A1-9AADBB3ADA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BF3C7A5-9117-42C7-BEA1-4AA378A582EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "83737173-E12E-4641-BC49-0BD84A6B29D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40",
              "versionEndIncluding": "7.7.1",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder."
    },
    {
      "lang": "es",
      "value": "Las implementaciones Realm en Apache Tomcat versiones 9.0.0.M1 a 9.0.0.M9, 8.5.0 a 8.5.4, 8.0.0.RC1 a 8.0.36, 7.0.0 a 7.0.70, y 6.0.0 a 6.0.45 no procesaban la contrase\u00f1a proporcionada si el nombre de usuario proporcionado no exist\u00eda. Esto hizo posible la realizaci\u00f3n de un ataque basado en tiempo para determinar nombres de usuario v\u00e1lidos. Tenga en cuenta que la configuraci\u00f3n por defecto incluye LockOutRealm, lo que hace que sea m\u00e1s dif\u00edcil explotar esta vulnerabilidad."
    }
  ],
  "id": "CVE-2016-0762",
  "lastModified": "2024-11-21T02:42:19.707",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-08-10T16:29:00.313",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3720"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/93939"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1037144"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0455"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0456"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2247"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4557-1/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2016/dsa-3720"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/93939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1037144"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0455"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:0456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:2247"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4557-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-11 20:29
Modified
2024-11-21 03:59
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/104260Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:1809Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:3768Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1257Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104260Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1809Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3768Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1257Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
redhat openshift -
oracle agile_product_lifecycle_management 9.3.3
oracle agile_product_lifecycle_management 9.3.4
oracle agile_product_lifecycle_management 9.3.5
oracle agile_product_lifecycle_management 9.3.6
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle big_data_discovery 1.6.0
oracle communications_converged_application_server *
oracle communications_diameter_signaling_router *
oracle communications_performance_intelligence_center *
oracle communications_services_gatekeeper *
oracle communications_unified_inventory_management 7.3.2
oracle communications_unified_inventory_management 7.3.4
oracle communications_unified_inventory_management 7.3.5
oracle communications_unified_inventory_management 7.4.0
oracle endeca_information_discovery_integrator 3.1.0
oracle endeca_information_discovery_integrator 3.2.0
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle enterprise_manager_for_mysql_database 13.2
oracle enterprise_manager_ops_center 12.3.3
oracle flexcube_private_banking 2.0.0.0
oracle flexcube_private_banking 2.2.0.1
oracle flexcube_private_banking 12.0.1.0
oracle flexcube_private_banking 12.0.3.0
oracle flexcube_private_banking 12.1.0.0
oracle goldengate_for_big_data 12.2.0.1
oracle goldengate_for_big_data 12.3.1.1
oracle goldengate_for_big_data 12.3.2.1
oracle health_sciences_information_manager 3.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0
oracle hospitality_guest_access 4.2.0
oracle hospitality_guest_access 4.2.1
oracle insurance_calculation_engine 10.1.1
oracle insurance_calculation_engine 10.2
oracle insurance_calculation_engine 10.2.1
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.1
oracle insurance_rules_palette 10.2
oracle insurance_rules_palette 11.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_open_commerce_platform 5.3.0
oracle retail_open_commerce_platform 6.0.0
oracle retail_open_commerce_platform 6.0.1
oracle retail_order_broker 5.1
oracle retail_order_broker 5.2
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_predictive_application_server 14.0
oracle retail_predictive_application_server 14.1
oracle retail_predictive_application_server 15.0
oracle retail_predictive_application_server 16.0
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle tape_library_acsls 8.4
oracle utilities_network_management_system 1.12.0.3
oracle weblogic_server 10.3.6.0.0
oracle weblogic_server 12.1.3.0.0
oracle weblogic_server 12.2.1.3.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6EAA87A1-BA40-4A91-B042-3EFD799C3FA2",
              "versionEndExcluding": "4.3.17",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48D8AB57-AD2F-406F-9FBA-CF74BFAF90EF",
              "versionEndExcluding": "5.0.6",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F08E234C-BDCF-4B41-87B9-96BD5578CBBF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8C893E4-1D3A-4687-BE5A-D26FFEBCCC78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "18260EE8-9BC0-4BA1-9642-90FE052E8B18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0BB81C3-29FD-4AE0-8D46-456FAF135F6C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4305ED0E-30CC-4AEA-8988-3D1EC93A0BB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
              "versionEndExcluding": "7.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B65CD29-C729-42AC-925E-014BA19581E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C25F23-6800-48A2-881C-C2A2C3FA045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADEA6A93-BD78-47DC-B3C3-6D27239C6647",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5104F0A-CD23-4A6E-AD59-B6F5A949B006",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "350DFE94-C24A-40FE-98F8-246D5B7F9D83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "499A382A-8183-4080-8D48-0E00D5E44EE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C24CC1-850E-4BB2-9B50-ABE61984451E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07630491-0624-4C5C-A858-C5D3CDCD1B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9CA11F-F718-43E5-ADB9-6C348C75E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE188B12-D28E-490C-9948-F5305A7D55BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack."
    },
    {
      "lang": "es",
      "value": "Spring Framework, en versiones 5.0.x anteriores a la 5.0.6, versiones 4.3.x anteriores a la 4.3.17 y versiones antiguas no soportadas, permite que las aplicaciones expongan STOMP sobre los endpoints WebSocket con un simple broker STOP dentro de la memoria a trav\u00e9s del m\u00f3dulo spring-messaging. Un usuario (o atacante) malicioso puede crear un mensaje para el broker que puede conducir a un ataque de denegaci\u00f3n de servicio (DoS) de expresi\u00f3n regular."
    }
  ],
  "id": "CVE-2018-1257",
  "lastModified": "2024-11-21T03:59:28.767",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-11T20:29:00.213",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104260"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1809"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3768"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1257"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1809"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:3768"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1257"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-06-19 23:15
Modified
2024-11-21 04:41
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.htmlExploit, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
oracle communications_diameter_signaling_router 8.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.2.1
oracle communications_network_integrity *
oracle hyperion_infrastructure_technology 11.1.2.4
oracle hyperion_infrastructure_technology 11.2.5.0
oracle identity_manager 11.1.2.3.0
oracle identity_manager 12.2.1.3.0
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle storagetek_tape_analytics_sw_tool 2.3
oracle tape_library_acsls 8.5
oracle weblogic_server 10.3.6.0.0
oracle weblogic_server 12.1.3.0.0
oracle weblogic_server 12.2.1.3.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64CF7491-6143-4332-8C93-4CB2FB1D652B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD748C9-24F6-4739-9772-208B98616EE2",
              "versionEndIncluding": "7.3.6",
              "versionStartIncluding": "7.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DED59B62-C9BF-4C0E-B351-3884E8441655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "94E0BBD6-D551-4FC8-A5B1-74730D863B45",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager:11.1.2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142CD3F8-6523-49C9-BCC1-B01F55DBBE39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA10CA55-C155-4DAD-A109-87A80116F1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "162C6FD9-AEC2-4EBA-A163-3054840B8ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Oracle WebLogic Server de Oracle Fusion Middleware (subcomponente: Web Services). Las versiones compatibles que se ven afectadas son 10.3.6.0.0, 12.1.3.0.0 y 12.2.1.3.0. Vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle WebLogic Server. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle WebLogic Server. CVSS 3.0 Puntuaci\u00f3n Base 9.8 (Impactos de confidencialidad, integridad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2019-2729",
  "lastModified": "2024-11-21T04:41:26.070",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-06-19T23:15:10.003",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-21 15:15
Modified
2024-11-21 05:04
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
oracle communications_diameter_signaling_router *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1",
              "versionEndIncluding": "8.4.0.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Oracle Communications Diameter Signaling Router (DSR) de Oracle Communications (componente: User Interface).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son 8.0.0.0-8.4.0.5.\u0026#xa0;Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle Communications Diameter Signaling Router (DSR).\u0026#xa0;Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 en Oracle Communications Diameter Signaling Router (DSR), los ataques pueden impactar significativamente a productos adicionales.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la actualizaci\u00f3n no autorizada,\u0026#xa0;insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Communications Diameter Signaling Router (DSR), as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Communications Diameter Signaling Router (DSR).\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 6.1 (Impactos de la Confidencialidad e Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)"
    }
  ],
  "id": "CVE-2020-14788",
  "lastModified": "2024-11-21T05:04:09.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:18.983",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-01-16 19:30
Modified
2024-11-21 04:40
Severity ?
6.5 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttp://www.securityfocus.com/bid/106580Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/106580Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
oracle communications_diameter_signaling_router *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el componente Oracle Communications Diameter Signaling Router (DSR) de Oracle Communications Applications (subcomponente: Security). Las versiones compatibles afectadas son las anteriores a la 8.3. Una vulnerabilidad f\u00e1cilmente explotable permite que un atacante sin autenticar que tenga acceso a red por HTTP comprometa la seguridad de Oracle Communications Diameter Signaling Router (DSR). Los ataques exitosos a esta vulnerabilidad pueden resultar en un acceso de lectura sin autorizaci\u00f3n de un subconjunto de datos accesibles de Oracle Communications Diameter Signaling Router (DSR). Adem\u00e1s, esto podr\u00eda dar lugar a que el atacante consiga provocar una denegaci\u00f3n de servicio parcial (DoS parcial) de Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Impactos de confidencialidad y disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
    }
  ],
  "id": "CVE-2019-2399",
  "lastModified": "2024-11-21T04:40:47.753",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-01-16T19:30:30.843",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106580"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/106580"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-01 21:15
Modified
2024-11-21 05:11
Severity ?
5.3 (Medium) - CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
References
security@apache.orghttp://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://security.netapp.com/advisory/ntap-20220210-0001/Patch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220210-0001/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache cxf *
apache cxf *
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_session_report_manager *
oracle enterprise_manager_base_platform 13.2.1.0
oracle peoplesoft_enterprise_peopletools 8.56
netapp oncommand_workflow_automation -
netapp snapmanager -
oracle communications_diameter_signaling_router_idih\
oracle communications_element_manager *
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.2.1.0
oracle peoplesoft_enterprise_peopletools 8.56


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD0BC46-24B2-493D-8FF3-BF4D49A5F215",
              "versionEndExcluding": "3.2.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18E7E391-B755-4F71-934A-B16CA8351D78",
              "versionEndExcluding": "3.3.6",
              "versionStartIncluding": "3.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66916DEB-ACE1-44E0-9535-10B3E03347AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router_idih\\::*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FAFED7F5-03FA-43B5-AD13-1130F0324448",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66916DEB-ACE1-44E0-9535-10B3E03347AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
    },
    {
      "lang": "es",
      "value": "Apache CXF posee la capacidad de integrarse con JMX mediante el registro de una extensi\u00f3n InstrumentationManager con el bus CXF. Si la propiedad \"createMBServerConnectorFactory\" del InstrumentationManagerImpl predeterminado no est\u00e1 deshabilitada, entonces es vulnerable a un ataque de estilo man-in-the-middle (MITM). Un atacante en el mismo host puede conectar con el registro y volver a vincular la entrada a otro servidor, y as\u00ed actuar como un proxy del original. Pueden luego obtener acceso a toda la informaci\u00f3n que es enviada y recibida a trav\u00e9s de JMX."
    }
  ],
  "id": "CVE-2020-1954",
  "lastModified": "2024-11-21T05:11:43.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "ADJACENT_NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:A/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 5.5,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "ADJACENT_NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-01T21:15:14.597",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2017-06-27 17:29
Modified
2024-11-21 03:36
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
References
cve@mitre.orghttp://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/101798Broken Link
cve@mitre.orghttp://www.securitytracker.com/id/1039812Broken Link
cve@mitre.orghttps://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5Patch, Third Party Advisory
cve@mitre.orghttps://github.com/sebastianbergmann/phpunit/pull/1956Patch, Third Party Advisory
cve@mitre.orghttps://security.gentoo.org/glsa/201711-15Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/101798Broken Link
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039812Broken Link
af854a3a-2127-422b-91ae-364da2661108https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/sebastianbergmann/phpunit/pull/1956Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201711-15Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
phpunit_project phpunit *
phpunit_project phpunit *
oracle communications_diameter_signaling_router *


To clipboard 

{
  "cisaActionDue": "2022-08-15",
  "cisaExploitAdd": "2022-02-15",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "PHPUnit Command Injection Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phpunit_project:phpunit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "041F2C78-1910-4BAF-A01E-995CF0AC6C65",
              "versionEndIncluding": "4.8.27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phpunit_project:phpunit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DD2DD59-8DEF-4713-A8EA-1EFE10282C6E",
              "versionEndExcluding": "5.6.3",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a \"\u003c?php \" substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI."
    },
    {
      "lang": "es",
      "value": "Util/PHP/eval-stdin.php en PHPUnit, en versiones anteriores a la 4.8.28 y en versiones 5.x anteriores a la 5.6.3, permite que atacantes remotos ejecuten c\u00f3digo PHP arbitrario mediante datos HTTP POST que comienzan por una subcadena \""
    }
  ],
  "id": "CVE-2017-9841",
  "lastModified": "2024-11-21T03:36:57.930",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-06-27T17:29:00.177",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101798"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sebastianbergmann/phpunit/pull/1956"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-15"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securityfocus.com/bid/101798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "http://www.securitytracker.com/id/1039812"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/sebastianbergmann/phpunit/pull/1956"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201711-15"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-05 15:15
Modified
2024-11-21 05:00
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podThird Party Advisory
cve@mitre.orghttps://github.com/Perl/perl5/compare/v5.30.2...v5.30.3Patch, Third Party Advisory
cve@mitre.orghttps://github.com/Perl/perl5/issues/16947Third Party Advisory
cve@mitre.orghttps://github.com/Perl/perl5/issues/17743Third Party Advisory
cve@mitre.orghttps://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184aPatch, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
cve@mitre.orghttps://security.gentoo.org/glsa/202006-03Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200611-0001/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Perl/perl5/issues/16947Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Perl/perl5/issues/17743Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184aPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202006-03Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200611-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
perl perl *
netapp oncommand_workflow_automation -
netapp snap_creator_framework -
fedoraproject fedora 31
opensuse leap 15.1
oracle communications_billing_and_revenue_management 12.0.0.2.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_diameter_signaling_router *
oracle communications_eagle_application_processor *
oracle communications_eagle_lnp_application_processor 10.1
oracle communications_eagle_lnp_application_processor 10.2
oracle communications_lsms *
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle communications_performance_intelligence_center *
oracle communications_performance_intelligence_center *
oracle configuration_manager 12.1.2.0.8
oracle enterprise_manager_base_platform 13.4.0.0
oracle sd-wan_edge 8.2
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1
oracle tekelec_platform_distribution *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171B203-3DAA-43B7-A0BE-DDB0895EB744",
              "versionEndExcluding": "5.30.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
              "versionEndIncluding": "16.4.0",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F",
              "versionEndIncluding": "13.4",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D",
              "versionEndIncluding": "10.3.0.2.1",
              "versionStartIncluding": "10.3.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B",
              "versionEndIncluding": "10.4.0.3.1",
              "versionStartIncluding": "10.4.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40",
              "versionEndIncluding": "7.7.1",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls."
    },
    {
      "lang": "es",
      "value": "En el archivo regcomp.c en Perl versiones anteriores a 5.30.3, permite un desbordamiento del b\u00fafer por medio de una expresi\u00f3n regular dise\u00f1ada debido a llamadas recursivas de la funci\u00f3n S_study_chunk"
    }
  ],
  "id": "CVE-2020-12723",
  "lastModified": "2024-11-21T05:00:08.870",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-05T15:15:10.800",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/issues/16947"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/issues/17743"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-03"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/issues/16947"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/issues/17743"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-120"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-14 20:15
Modified
2024-11-21 05:02
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2704Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200702-0003/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2704Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200702-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp steelstore_cloud_integrated_storage -
debian debian_linux 8.0
oracle agile_plm 9.3.6
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B92AF50-0155-471E-B5C4-1CFD95F4B7D0",
              "versionEndExcluding": "2.9.10.5",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionada con com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (tambi\u00e9n se conoce como xalan2)"
    }
  ],
  "id": "CVE-2020-14062",
  "lastModified": "2024-11-21T05:02:28.530",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-14T20:15:10.167",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2704"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2704"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-20 19:15
Modified
2024-11-21 05:40
Severity ?
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
References
security@apache.orghttp://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.htmlThird Party Advisory
security@apache.orghttp://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.htmlThird Party Advisory, VDB Entry
security@apache.orghttp://seclists.org/fulldisclosure/2020/Jun/6Mailing List, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/03/01/2Mailing List, Third Party Advisory
security@apache.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10332Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3EMailing List, Mitigation, Patch, Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E
security@apache.orghttps://lists.debian.org/debian-lts-announce/2020/05/msg00020.htmlThird Party Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2020/05/msg00026.htmlThird Party Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2020/07/msg00010.htmlMailing List, Third Party Advisory
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/
security@apache.orghttps://security.gentoo.org/glsa/202006-21Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20200528-0005/Third Party Advisory
security@apache.orghttps://usn.ubuntu.com/4448-1/Third Party Advisory
security@apache.orghttps://usn.ubuntu.com/4596-1/Third Party Advisory
security@apache.orghttps://www.debian.org/security/2020/dsa-4727Third Party Advisory
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.html
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2020/Jun/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/03/01/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10332Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3EMailing List, Mitigation, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/05/msg00020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/05/msg00026.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/07/msg00010.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202006-21Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200528-0005/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4448-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4596-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4727Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache tomcat *
apache tomcat *
apache tomcat *
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 9.0.0
apache tomcat 10.0.0
apache tomcat 10.0.0
apache tomcat 10.0.0
apache tomcat 10.0.0
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
opensuse leap 15.1
fedoraproject fedora 31
fedoraproject fedora 32
canonical ubuntu_linux 16.04
canonical ubuntu_linux 20.04
oracle agile_engineering_data_management 6.2.1.0
oracle agile_plm 9.3.3
oracle agile_plm 9.3.5
oracle agile_plm 9.3.6
oracle communications_cloud_native_core_binding_support_function 1.10.0
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle database 12.2.0.1
oracle database 19c
oracle database 21c
oracle fmw_platform 12.2.1.3.0
oracle fmw_platform 12.2.1.4.0
oracle hospitality_guest_access 4.2.0
oracle hospitality_guest_access 4.2.1
oracle instantis_enterprisetrack *
oracle managed_file_transfer 12.2.1.3.0
oracle managed_file_transfer 12.2.1.4.0
oracle mysql_enterprise_monitor *
oracle retail_order_broker 15.0
oracle siebel_apps_-_marketing *
oracle siebel_ui_framework *
oracle transportation_management 6.3.7
oracle workload_manager 12.2.0.1
oracle workload_manager 18c
oracle workload_manager 19c
mcafee epolicy_orchestrator 5.9.0
mcafee epolicy_orchestrator 5.9.1
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0
mcafee epolicy_orchestrator 5.10.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE5E91B0-1B3B-4871-ADD0-C772DA1894E6",
              "versionEndExcluding": "7.0.108",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F32163D-F54D-48C9-AE9D-44ABA776B060",
              "versionEndExcluding": "8.5.63",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C570AD4E-B51D-4490-83B9-BFC8528514EF",
              "versionEndExcluding": "9.0.43",
              "versionStartIncluding": "9.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "9D0689FE-4BC0-4F53-8C79-34B21F9B86C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone10:*:*:*:*:*:*",
              "matchCriteriaId": "89B129B2-FB6F-4EF9-BF12-E589A87996CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone11:*:*:*:*:*:*",
              "matchCriteriaId": "8B6787B6-54A8-475E-BA1C-AB99334B2535",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone12:*:*:*:*:*:*",
              "matchCriteriaId": "EABB6FBC-7486-44D5-A6AD-FFF1D3F677E1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone13:*:*:*:*:*:*",
              "matchCriteriaId": "E10C03BC-EE6B-45B2-83AE-9E8DFB58D7DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone14:*:*:*:*:*:*",
              "matchCriteriaId": "8A6DA0BE-908C-4DA8-A191-A0113235E99A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone15:*:*:*:*:*:*",
              "matchCriteriaId": "39029C72-28B4-46A4-BFF5-EC822CFB2A4C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone16:*:*:*:*:*:*",
              "matchCriteriaId": "1A2E05A3-014F-4C4D-81E5-88E725FBD6AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone17:*:*:*:*:*:*",
              "matchCriteriaId": "166C533C-0833-41D5-99B6-17A4FAB3CAF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone18:*:*:*:*:*:*",
              "matchCriteriaId": "D3768C60-21FA-4B92-B98C-C3A2602D1BC4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone19:*:*:*:*:*:*",
              "matchCriteriaId": "DDD510FA-A2E4-4BAF-A0DE-F4E5777E9325",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "9F542E12-6BA8-4504-A494-DA83E7E19BD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone20:*:*:*:*:*:*",
              "matchCriteriaId": "C2409CC7-6A85-4A66-A457-0D62B9895DC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone21:*:*:*:*:*:*",
              "matchCriteriaId": "B392A7E5-4455-4B1C-8FAC-AE6DDC70689E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone22:*:*:*:*:*:*",
              "matchCriteriaId": "EF411DDA-2601-449A-9046-D250419A0E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone23:*:*:*:*:*:*",
              "matchCriteriaId": "D7D8F2F4-AFE2-47EA-A3FD-79B54324DE02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone24:*:*:*:*:*:*",
              "matchCriteriaId": "1B4FBF97-DE16-4E5E-BE19-471E01818D40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone25:*:*:*:*:*:*",
              "matchCriteriaId": "3B266B1E-24B5-47EE-A421-E0E3CC0C7471",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone26:*:*:*:*:*:*",
              "matchCriteriaId": "29614C3A-6FB3-41C7-B56E-9CC3F45B04F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone27:*:*:*:*:*:*",
              "matchCriteriaId": "C6AB156C-8FF6-4727-AF75-590D0DCB3F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "C0C5F004-F7D8-45DB-B173-351C50B0EC16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "D1902D2E-1896-4D3D-9E1C-3A675255072C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "49AAF4DF-F61D-47A8-8788-A21E317A145D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone6:*:*:*:*:*:*",
              "matchCriteriaId": "454211D0-60A2-4661-AECA-4C0121413FEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone7:*:*:*:*:*:*",
              "matchCriteriaId": "0686F977-889F-4960-8E0B-7784B73A7F2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone8:*:*:*:*:*:*",
              "matchCriteriaId": "558703AE-DB5E-4DFF-B497-C36694DD7B24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:9.0.0:milestone9:*:*:*:*:*:*",
              "matchCriteriaId": "ED6273F2-1165-47A4-8DD7-9E9B2472941B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "90CD7E85-4FF9-4158-AC78-4BFCBC882A65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "7EA56B52-1015-40CD-B10C-393768094269",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "501B0D4A-D636-4736-979B-D5023599CEFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "94E7764F-BF9E-463E-B446-A9A8DB92BB97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1",
              "versionEndIncluding": "8.4.0.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database:12.2.0.1:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "46E7237C-00BD-4490-96C3-A8EAE4CE2C0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database:19c:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "C1E05472-8F3A-4E46-90E5-50EA6D555FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database:21c:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "02E34416-E767-4F61-8D2C-0D0202351F91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fmw_platform:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C5E9A12-BFE9-4963-A360-A34168A6BF6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fmw_platform:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA2E1357-E3A1-461C-B7A0-A9446E45496D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A74FD5F-4FEA-4A74-8B92-72DFDE6BA464",
              "versionEndIncluding": "17.3",
              "versionStartIncluding": "17.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "70C60E6C-1A61-422B-A132-FB024761F576",
              "versionEndIncluding": "8.0.21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_apps_-_marketing:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AACBCC9-FDAC-42DF-B931-BD908CAF5C65",
              "versionEndIncluding": "21.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30DB69BD-0F6E-4AB5-A861-7CB911C35660",
              "versionEndIncluding": "20.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:transportation_management:6.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A58642E0-CA59-4DE6-A83C-F551FC621C32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:workload_manager:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD848FE1-CFD7-490C-B008-DF3B30F3256F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:workload_manager:18c:*:*:*:*:*:*:*",
              "matchCriteriaId": "630C8E99-FE49-486E-9003-40B82809B7A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:workload_manager:19c:*:*:*:*:*:*:*",
              "matchCriteriaId": "C842DE9E-5E12-4295-AFA5-DEB5FEDE490A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEB90C24-D252-4099-A7A1-9F8754DFB4A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "106FDF5A-D377-4E5F-8BF9-09290019C98A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "0F30D3AF-4FA3-4B7A-BE04-C24E2EA19A95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_1:*:*:*:*:*:*",
              "matchCriteriaId": "7B00DDE7-7002-45BE-8EDE-65D964922CB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_2:*:*:*:*:*:*",
              "matchCriteriaId": "FF806B52-DAD5-4D12-8BB6-3CBF9DC6B8DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:epolicy_orchestrator:5.10.0:update_3:*:*:*:*:*:*",
              "matchCriteriaId": "7DE847E0-431D-497D-9C57-C4E59749F6A0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."
    },
    {
      "lang": "es",
      "value": "Cuando se usa Apache Tomcat versiones 10.0.0-M1 hasta 10.0.0-M4, 9.0.0.M1 hasta 9.0.34, 8.5.0 hasta 8.5.54 y 7.0.0 hasta 7.0. 103, si a) un atacante es capaz de controlar el contenido y el nombre de un archivo en el servidor; y b) el servidor est\u00e1 configurado para usar el PersistenceManager con un FileStore; y c) el PersistenceManager est\u00e1 configurado con sessionAttributeValueClassNameFilter=\"null\" (el valor predeterminado a menos que se utilice un SecurityManager) o un filtro lo suficientemente laxo como para permitir que el objeto proporcionado por el atacante sea deserializado; y d) el atacante conoce la ruta relativa del archivo desde la ubicaci\u00f3n de almacenamiento usada por FileStore hasta el archivo sobre el que el atacante presenta control; entonces, mediante una petici\u00f3n espec\u00edficamente dise\u00f1ada, el atacante podr\u00e1 ser capaz de desencadenar una ejecuci\u00f3n de c\u00f3digo remota mediante la deserializaci\u00f3n del archivo bajo su control. Tome en cuenta que todas las condiciones desde la a) hasta la d) deben cumplirse para que el ataque tenga \u00e9xito."
    }
  ],
  "id": "CVE-2020-9484",
  "lastModified": "2024-11-21T05:40:44.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-20T19:15:09.257",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jun/6"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-21"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4448-1/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4596-1/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4727"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2020/Jun/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-21"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4448-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4596-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-08-25 18:15
Modified
2024-11-21 05:15
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2814Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2814Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
netapp active_iq_unified_manager -
oracle agile_plm 9.3.6
oracle application_testing_suite 13.3.0.1
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_liquidity_management 14.2
oracle banking_liquidity_management 14.3
oracle banking_liquidity_management 14.5
oracle banking_supply_chain_finance 14.2
oracle banking_supply_chain_finance 14.3
oracle banking_supply_chain_finance 14.5
oracle blockchain_platform *
oracle communications_calendar_server 8.0
oracle communications_calendar_server 8.0.0.4.0
oracle communications_cloud_native_core_unified_data_repository 1.4.0
oracle communications_contacts_server 8.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.5.0
oracle communications_messaging_server 8.1
oracle communications_offline_mediation_controller 12.0.0.3
oracle communications_policy_management 12.5.0
oracle communications_pricing_design_center 12.0.0.4.0
oracle communications_services_gatekeeper 7.0
oracle communications_session_report_manager *
oracle communications_unified_inventory_management 7.4.1
oracle identity_manager_connector 11.1.1.5.0
oracle siebel_ui_framework *
debian debian_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8395437B-348F-4291-B79B-2794C1A0B560",
              "versionEndExcluding": "2.9.10.6",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:linux:*:*",
              "matchCriteriaId": "F3E0B672-3E06-4422-B2A4-0BD073AEC2A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "3A756737-1CC4-42C2-A4DF-E1C893B4E2D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FC2BF9-B6D7-420E-9CF5-21AB770B9CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DAB919-54FD-48F8-A664-CD85C0A4A0E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5A1417-2C59-431F-BF5C-A2BCFEBC95FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D99F81D-61BB-4904-BE31-3367D4A98FD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "93866792-1AAE-40AE-84D0-21250A296BE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "45AB3A29-0994-46F4-8093-B4A9CE0BD95F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
              "versionEndExcluding": "21.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D55AB36-EDBB-4644-9579-21CE8278ED77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB1BC31C-6016-42A8-9517-2FBBC92620CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE6D7E4F-FB11-4CED-81DB-D0BD21797C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0331877D-D5DB-4EE8-8220-C1CDC3F90CB0",
              "versionEndIncluding": "8.2.4.0",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A23B00C1-878A-4B55-B87B-EFFFA6A5E622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB3E2625-08F0-4C8E-B43F-831F0290F0D7",
              "versionEndIncluding": "8.2.2.1",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7EA92D-9F26-4292-991A-891597337DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9E0011-6FF5-4C90-9780-7A1297BB09BF",
              "versionEndIncluding": "21.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.6, maneja inapropiadamente la interacci\u00f3n entre los dispositivos de serializaci\u00f3n y la escritura, relacionada con br.com.anteros.dbcp.AnterosDBCPDataSource (tambi\u00e9n se conoce como Anteros-DBCP)"
    }
  ],
  "id": "CVE-2020-24616",
  "lastModified": "2024-11-21T05:15:09.653",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-25T18:15:11.133",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2814"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2814"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-17 00:15
Modified
2024-11-21 05:34
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
References
security@pivotal.iohttps://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3Cissues.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3Cissues.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3Cissues.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3Cdev.rocketmq.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3Cissues.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3Cissues.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3Cdev.rocketmq.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3Ccommits.servicecomb.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3Cissues.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3Cissues.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3Ccommits.servicecomb.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3Cissues.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3Ccommits.servicecomb.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3Cissues.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3Cdev.geode.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3Cdev.rocketmq.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3Cdev.geode.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3Cdev.rocketmq.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3Ccommits.karaf.apache.org%3E
security@pivotal.iohttps://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3Ccommits.camel.apache.org%3E
security@pivotal.iohttps://pivotal.io/security/cve-2020-5398Vendor Advisory
security@pivotal.iohttps://security.netapp.com/advisory/ntap-20210917-0006/Third Party Advisory
security@pivotal.iohttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpujul2022.html
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3Cissues.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3Cissues.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3Cissues.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3Cdev.rocketmq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3Cissues.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3Cissues.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3Cdev.rocketmq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3Ccommits.servicecomb.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3Cissues.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3Cissues.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3Ccommits.servicecomb.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3Cissues.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3Ccommits.servicecomb.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3Cissues.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3Cdev.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3Cdev.rocketmq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3Cdev.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3Cdev.rocketmq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3Ccommits.karaf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2020-5398Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210917-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
vmware spring_framework *
oracle application_testing_suite 13.3.0.1
oracle communications_billing_and_revenue_management_elastic_charging_engine 11.3
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0
oracle communications_cloud_native_core_policy 1.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager 8.1.1
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.2.1
oracle communications_policy_management 12.5.0
oracle communications_session_report_manager 8.1.1
oracle communications_session_report_manager 8.2.0
oracle communications_session_report_manager 8.2.1
oracle communications_session_route_manager 8.1.1
oracle communications_session_route_manager 8.2.0
oracle communications_session_route_manager 8.2.1
oracle enterprise_manager_base_platform 13.2.1.0
oracle financial_services_regulatory_reporting_with_agilereporter 8.0.9.2.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle healthcare_master_person_index 4.0.2
oracle insurance_calculation_engine *
oracle insurance_policy_administration_j2ee 10.2.0
oracle insurance_policy_administration_j2ee 10.2.4
oracle insurance_policy_administration_j2ee 11.0.2
oracle insurance_policy_administration_j2ee 11.1.0
oracle insurance_policy_administration_j2ee 11.2.0
oracle insurance_policy_administration_j2ee 11.2.2.0
oracle insurance_rules_palette 10.2.0
oracle insurance_rules_palette 10.2.4
oracle insurance_rules_palette 11.0.2
oracle insurance_rules_palette 11.1.0
oracle insurance_rules_palette 11.2.0
oracle mysql *
oracle mysql *
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle retail_assortment_planning 15.0
oracle retail_assortment_planning 16.0
oracle retail_back_office 14.1
oracle retail_bulk_data_integration 16.0.3.0
oracle retail_central_office 14.1
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
oracle retail_integration_bus 15.0.3
oracle retail_integration_bus 16.0.3
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_point-of-service 14.1
oracle retail_predictive_application_server 14.0.3
oracle retail_predictive_application_server 14.1.3.0
oracle retail_predictive_application_server 15.0.3
oracle retail_predictive_application_server 16.0.3.0
oracle retail_returns_management 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle siebel_engineering_-_installer_\&_deployment *
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
netapp data_availability_services -
netapp snapcenter -


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E76BD905-26D9-488D-AE30-70AB59434082",
              "versionEndExcluding": "5.0.16",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9EBF10C-7861-4A17-BB68-136421282B73",
              "versionEndExcluding": "5.1.13",
              "versionStartIncluding": "5.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC92F79-CBF6-4627-853B-DB9C61061F38",
              "versionEndExcluding": "5.2.3",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A9E4125-B744-4A9D-BFE6-5D82939958FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "261212BD-125A-487F-97E8-A9587935DFE8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6AA0A02F-18B1-42E6-80F3-8C6D11A73118",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66916DEB-ACE1-44E0-9535-10B3E03347AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C146BA-6F4F-4A6F-8E53-8A4F5B8E15D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CC97EF4-DAB5-4A4C-B5DF-5AD2BF87DDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4207-DB46-42D6-A8C9-1BE857483B88",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "991B23C1-83FA-40B1-AF0A-9A7B10A9EDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B4193-4DB7-4BD9-85FF-8665601E6D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C46CA4-116A-43BA-B1BB-3536BAD902DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D8FE6-2BB4-4FF6-8B42-2D47F6FBFDFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1576C306-E70F-4761-80A5-9CC7FDED108E",
              "versionEndIncluding": "4.0.12",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E1A3769-E443-4511-B349-B5304F5E6EBD",
              "versionEndIncluding": "8.0.20",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA800332-C6B9-4F05-9FB0-72C1040AAFD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "118E48CE-8603-442B-B9C9-E30A41E4D974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCF6CCE5-250D-4B10-AD18-7DE7D84BF220",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\\u0026_deployment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7C2C60A-6876-4B2E-AA62-457845DDCC36",
              "versionEndIncluding": "2.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:data_availability_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0EF46487-B64A-454E-AECC-D74B83170ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a \"Content-Disposition\" header in the response where the filename attribute is derived from user supplied input."
    },
    {
      "lang": "es",
      "value": "En Spring Framework, versiones 5.2.x anteriores a 5.2.3, versiones 5.1.x anteriores a 5.1.13 y versiones 5.0.x anteriores a 5.0.16, una aplicaci\u00f3n es vulnerable a un ataque de tipo reflected file download (RFD) cuando se establece un encabezado \"Content-Disposition\" en la respuesta donde el atributo filename es derivado de la entrada suministrada por el usuario."
    }
  ],
  "id": "CVE-2020-5398",
  "lastModified": "2024-11-21T05:34:04.053",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.6,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 6.0,
        "source": "security@pivotal.io",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-17T00:15:12.103",
  "references": [
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3Ccommits.servicecomb.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3Ccommits.servicecomb.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3Ccommits.servicecomb.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3Cdev.geode.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3Cdev.geode.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2020-5398"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210917-0006/"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3Ccommits.servicecomb.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3Ccommits.servicecomb.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3Ccommits.servicecomb.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3Cissues.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3Cdev.geode.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3Cdev.geode.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3Cdev.rocketmq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3Ccommits.karaf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2020-5398"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210917-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@pivotal.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security@pivotal.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-494"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-07-08 16:15
Modified
2024-11-21 04:59
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
References
security@apache.orghttps://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E
security@apache.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache camel *
apache camel *
apache camel *
apache camel *
apache camel 2.25.0
apache camel 2.25.1
oracle communications_diameter_signaling_router *
oracle enterprise_manager_base_platform 13.4.0.0
oracle enterprise_repository 11.1.1.7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B8170C4-4DA1-46DC-9AD0-9D63693A1E0E",
              "versionEndIncluding": "2.22.5",
              "versionStartIncluding": "2.22.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "161D1F72-731F-410F-B3BA-FD3316C066A1",
              "versionEndIncluding": "2.23.4",
              "versionStartIncluding": "2.23.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC414F27-89D3-49FA-A095-EA21EF1E954B",
              "versionEndIncluding": "2.24.3",
              "versionStartIncluding": "2.24.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B85D3390-29DF-459E-8DFF-F3FE7194536B",
              "versionEndIncluding": "3.3.0",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:camel:2.25.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "67D143D0-224B-49E7-A3F8-D8E2C29F9C50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:camel:2.25.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "12ED3A89-4B2D-4C9F-9486-0A537BB818AF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Server-Side Template Injection and arbitrary file disclosure on Camel templating components"
    },
    {
      "lang": "es",
      "value": "Una Inyecci\u00f3n de Plantilla del Lado de Servidor y divulgaci\u00f3n de archivos arbitrarios en componentes de plantillas Camel"
    }
  ],
  "id": "CVE-2020-11994",
  "lastModified": "2024-11-21T04:59:04.400",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-07-08T16:15:11.010",
  "references": [
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-18 22:15
Modified
2024-11-21 04:55
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2659Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2659Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E281E-977E-4195-B131-B7C7A2933B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8EE84-A840-4132-B331-C7D450B1FBBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F058FDA-04BC-4F32-830D-206983770692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y escritura, relacionados con org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (tambi\u00e9n se conoce como aries.transaction.jms)."
    }
  ],
  "id": "CVE-2020-10672",
  "lastModified": "2024-11-21T04:55:49.050",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-18T22:15:12.313",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-06-25 15:29
Modified
2024-11-21 03:42
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/107984Broken Link, Third Party Advisory, VDB Entry
security_alert@emc.comhttps://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlMailing List, Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-11039Mitigation, Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107984Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-11039Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
oracle agile_plm 9.3.3
oracle agile_plm 9.3.4
oracle agile_plm 9.3.5
oracle agile_plm 9.3.6
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle communications_diameter_signaling_router *
oracle communications_network_integrity *
oracle communications_online_mediation_controller 6.1
oracle communications_performance_intelligence_center *
oracle communications_services_gatekeeper *
oracle communications_unified_inventory_management 7.3.2
oracle communications_unified_inventory_management 7.3.4
oracle communications_unified_inventory_management 7.3.5
oracle communications_unified_inventory_management 7.4.0
oracle endeca_information_discovery_integrator 3.1.0
oracle endeca_information_discovery_integrator 3.2.0
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle enterprise_manager_for_mysql_database 13.2
oracle enterprise_manager_ops_center 12.3.3
oracle health_sciences_information_manager 3.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0
oracle hospitality_guest_access 4.2.0
oracle hospitality_guest_access 4.2.1
oracle insurance_calculation_engine *
oracle insurance_calculation_engine 10.2
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.2
oracle micros_lucas 2.9.5
oracle mysql_enterprise_monitor *
oracle mysql_enterprise_monitor *
oracle mysql_enterprise_monitor *
oracle primavera_p6_enterprise_project_portfolio_management 18.8
oracle retail_advanced_inventory_planning 15.0
oracle retail_assortment_planning 14.1
oracle retail_assortment_planning 15.0
oracle retail_assortment_planning 16.0
oracle retail_clearance_optimization_engine 14.0.5
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_financial_integration 13.2
oracle retail_financial_integration 14.0
oracle retail_financial_integration 14.1
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
oracle retail_integration_bus 14.1.2
oracle retail_markdown_optimization 13.4.4
oracle retail_predictive_application_server 14.0.3.26
oracle retail_predictive_application_server 14.1.3.37
oracle retail_predictive_application_server 15.0.3..100
oracle retail_predictive_application_server 16.0
oracle retail_xstore_point_of_service 7.1
oracle utilities_network_management_system 1.12.0.3
oracle weblogic_server 10.3.6.0.0
oracle weblogic_server 12.1.3.0.0
oracle weblogic_server 12.2.1.3.0
debian debian_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3891F0-7BAE-45DD-992E-57DACE8ADEFE",
              "versionEndExcluding": "4.3.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8331CA8D-B3F4-4999-8E1C-E2AA9C834CAD",
              "versionEndExcluding": "5.0.7",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD748C9-24F6-4739-9772-208B98616EE2",
              "versionEndIncluding": "7.3.6",
              "versionStartIncluding": "7.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15817206-C2AD-47B7-B40F-85BB36DB4E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B65CD29-C729-42AC-925E-014BA19581E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C25F23-6800-48A2-881C-C2A2C3FA045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4207-DB46-42D6-A8C9-1BE857483B88",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EE20FD-3D21-4E23-95B8-7BD13816EB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A94B32D-6B5F-4E42-8345-4F9126A89435",
              "versionEndIncluding": "3.4.9.4237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF71D94F-EFC5-4390-A380-AC0E5DB05516",
              "versionEndIncluding": "4.0.6.5281",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33EFAF19-A639-47AD-9CDC-D174C91F0F00",
              "versionEndIncluding": "8.0.2.8191",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "921B7906-A20A-4313-9398-D542A4198BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE91D517-D85D-4A8D-90DC-4561BBF8670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB5604C-69AF-459D-A82D-8A3B78CF2655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "655CF3AE-B649-4282-B727-8B3C5D829C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "53CFE454-3E73-4A88-ABEE-322139B169A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B05A34B4-A853-456C-BD56-3B3FD6397424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A17D989-66AC-4A17-AB4D-E0EC045FB457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "14285308-8564-4858-8D31-E40E57B27390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3..100:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0BBB59C-D3B4-4CA9-870B-3FB9118F3F4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE188B12-D28E-490C-9948-F5305A7D55BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
    },
    {
      "lang": "es",
      "value": "Spring Framework (versiones 5.0.x anteriores a la 5.0.7, versiones 4.3.x anteriores a la 4.3.18 y versiones anteriores sin soporte) permite que las aplicaciones web cambien el m\u00e9todo de petici\u00f3n HTTP a cualquier m\u00e9todo HTTP (incluyendo TRACE) utilizando HiddenHttpMethodFilter en Spring MVC. Si una aplicaci\u00f3n tiene una vulnerabilidad Cross-Site Scripting (XSS) preexistente, un usuario (o atacante) malicioso puede emplear este filtro para escalar a un ataque XST (Cross Site Tracing)."
    }
  ],
  "id": "CVE-2018-11039",
  "lastModified": "2024-11-21T03:42:32.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-25T15:29:00.317",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107984"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-11039"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-11039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-16 18:15
Modified
2024-11-21 04:41
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
secalert_us@oracle.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Vendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpuapr2020.htmlVendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpuapr2021.htmlVendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlVendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlVendor Advisory
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpuoct2020.htmlVendor Advisory
secalert_us@oracle.comhttps://www.zerodayinitiative.com/advisories/ZDI-19-1024/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2021.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-19-1024/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle banking_enterprise_collections 2.7.0
oracle banking_enterprise_collections 2.8.0
oracle banking_enterprise_originations 2.7.0
oracle banking_enterprise_originations 2.8.0
oracle banking_enterprise_product_manufacturing 2.7.0
oracle banking_enterprise_product_manufacturing 2.8.0
oracle banking_platform 2.4.0
oracle banking_platform 2.4.1
oracle banking_platform 2.5.0
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.6.2
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle banking_platform 2.9.0
oracle business_process_management_suite 12.2.1.3.0
oracle business_process_management_suite 12.2.1.4.0
oracle clinical 5.2
oracle communications_diameter_signaling_router *
oracle communications_network_integrity *
oracle communications_service_broker 6.0
oracle communications_service_broker 6.1
oracle communications_services_gatekeeper 6.0
oracle communications_services_gatekeeper 6.1
oracle enterprise_repository 11.1.1.7.0
oracle financial_services_lending_and_leasing *
oracle financial_services_lending_and_leasing 12.5.0
oracle financial_services_revenue_management_and_billing_analytics 2.6
oracle financial_services_revenue_management_and_billing_analytics 2.7
oracle financial_services_revenue_management_and_billing_analytics 2.8
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle health_sciences_data_management_workbench 2.4
oracle health_sciences_data_management_workbench 2.5
oracle hyperion_planning 11.1.2.4
oracle rapid_planning 12.1.3
oracle retail_assortment_planning 15.0.3.0
oracle retail_assortment_planning 16.0.3.0
oracle retail_clearance_optimization_engine 13.4
oracle retail_clearance_optimization_engine 14.0.3
oracle retail_clearance_optimization_engine 14.0.5
oracle retail_markdown_optimization 13.4
oracle retail_sales_audit 15.0.3
oracle retail_sales_audit 16.0.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFB663EB-1E06-428B-BE2D-AECFF7F1A025",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3753A492-B62D-4E4A-8D60-C1AC1F71419B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_originations:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7AB8ABFD-C72C-4CBB-8872-9440A19154D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_originations:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3054FEBB-484B-4927-9D1C-2024772E8B3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AED3C78-7D65-4F02-820D-B51BCE4022F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "557A23A1-4762-4D29-A478-D1670C1847D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:clinical:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F60487A7-386A-4C86-9456-53D1F437CE0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1",
              "versionEndIncluding": "8.4.0.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD748C9-24F6-4739-9772-208B98616EE2",
              "versionEndIncluding": "7.3.6",
              "versionStartIncluding": "7.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_service_broker:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "373C4024-679F-4C37-B408-0FB0D7FD845F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_service_broker:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B1B6C73-F0DC-48AA-BD31-FD3FAEC22F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA4E8A1E-FBB5-4EAC-9A7F-6FE95A1B5F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3287751-9F54-4806-81D2-E28A42DF1407",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCDA89CD-FE10-47AA-9F64-F4BC93E44755",
              "versionEndIncluding": "14.2.0",
              "versionStartIncluding": "14.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_lending_and_leasing:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "317CA916-61F3-4E24-B42F-610A1C88A5BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A51A10EB-10A9-48EE-9B24-AEE2ABACE9C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CCE1968-016C-43C1-9EE1-FD9F978B688F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing_analytics:2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B5DBF4C-84BB-4537-BD8D-E10C5A4B69F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "271745B7-203F-4025-ACF0-C7CA40EE1643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6C07C54-1A10-4063-87F1-E4A371695149",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_planning:11.1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "86045AB3-7CCA-49D0-B6FA-DA57A55248DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "10578046-1907-4B2B-B8DE-80B3DE6AA476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44357172-4035-4D57-9C83-D80BDDE8E8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B13EC6F1-1EB7-4A71-8298-A9140C0F6EBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D31A422-0B1D-415E-A551-26B8449017DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE91D517-D85D-4A8D-90DC-4561BBF8670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_markdown_optimization:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "32E89B1F-7746-47A6-93A2-E7EB69A85EA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "12AFC92F-E46B-4382-9302-26F27B79723C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5AA4401-E672-4E34-A7DB-5F8F93C3A4F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el producto Oracle JDeveloper and ADF de Oracle Fusion Middleware (componente: ADF Faces). Las versiones compatibles que est\u00e1n afectadas son 11.1.1.9.0, 12.1.3.0.0 y 12.2.1.3.0. Una vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle JDeveloper and ADF. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Oracle JDeveloper and ADF. CVSS 3.0 Puntuaci\u00f3n Base 9.8 (Impactos de la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
    }
  ],
  "id": "CVE-2019-2904",
  "lastModified": "2024-11-21T04:41:46.483",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-16T18:15:27.560",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-02 15:15
Modified
2024-11-21 05:36
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Summary
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
References
security@php.nethttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.htmlMailing List, Third Party Advisory
security@php.nethttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.htmlMailing List, Third Party Advisory
security@php.nethttps://bugs.php.net/bug.php?id=79601Issue Tracking, Patch, Vendor Advisory
security@php.nethttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/
security@php.nethttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/
security@php.nethttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/
security@php.nethttps://security.gentoo.org/glsa/202012-16Third Party Advisory
security@php.nethttps://security.netapp.com/advisory/ntap-20201016-0001/Third Party Advisory
security@php.nethttps://usn.ubuntu.com/4583-1/Third Party Advisory
security@php.nethttps://www.debian.org/security/2021/dsa-4856Third Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security@php.nethttps://www.tenable.com/security/tns-2021-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=79601Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202012-16Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20201016-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4583-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4856Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-14Third Party Advisory
Impacted products
Vendor Product Version
php php *
php php *
php php *
fedoraproject fedora 31
fedoraproject fedora 32
fedoraproject fedora 33
debian debian_linux 10.0
opensuse leap 15.1
opensuse leap 15.2
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
netapp clustered_data_ontap -
oracle communications_diameter_signaling_router *
tenable tenable.sc *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "63EC1EEB-0BEC-496B-B225-066232FDFCF0",
              "versionEndExcluding": "7.2.34",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEFF4B6D-4A40-479B-846E-EA3372E062E0",
              "versionEndExcluding": "7.3.23",
              "versionStartIncluding": "7.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D5112FC-B50B-4C73-A876-0C7FB66EB4F1",
              "versionEndExcluding": "7.4.11",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF",
              "versionEndExcluding": "5.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data."
    },
    {
      "lang": "es",
      "value": "En PHP versiones 7.2.x por debajo de 7.2.34, versiones 7.3.x por debajo de 7.3.23 y versiones 7.4.x por debajo de 7.4.11, cuando el modo AES-CCM es usado con la funci\u00f3n openssl_encrypt() con 12 bytes IV, solo los primeros 7 bytes del IV est\u00e1 actualmente usado.\u0026#xa0;Esto puede conllevar a una disminuci\u00f3n de seguridad y datos de cifrado incorrectos"
    }
  ],
  "id": "CVE-2020-7069",
  "lastModified": "2024-11-21T05:36:36.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.5,
        "source": "security@php.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-10-02T15:15:12.670",
  "references": [
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79601"
    },
    {
      "source": "security@php.net",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/"
    },
    {
      "source": "security@php.net",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/"
    },
    {
      "source": "security@php.net",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202012-16"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4583-1/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4856"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202012-16"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4583-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "sourceIdentifier": "security@php.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security@php.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-326"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-11 13:29
Modified
2024-11-21 03:59
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/103771Third Party Advisory, VDB Entry
security_alert@emc.comhttp://www.securitytracker.com/id/1041301Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
security_alert@emc.comhttps://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1275Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103771Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041301Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1275Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle big_data_discovery 1.6.0
oracle communications_converged_application_server *
oracle communications_diameter_signaling_router *
oracle communications_performance_intelligence_center *
oracle communications_services_gatekeeper *
oracle goldengate_for_big_data 12.2.0.1
oracle goldengate_for_big_data 12.3.1.1
oracle goldengate_for_big_data 12.3.2.1
oracle health_sciences_information_manager 3.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0
oracle insurance_calculation_engine 10.1.1
oracle insurance_calculation_engine 10.2
oracle insurance_calculation_engine 10.2.1
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.1
oracle insurance_rules_palette 10.2
oracle insurance_rules_palette 11.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_open_commerce_platform 5.3.0
oracle retail_open_commerce_platform 6.0.0
oracle retail_open_commerce_platform 6.0.1
oracle retail_order_broker 5.1
oracle retail_order_broker 5.2
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_predictive_application_server 14.0
oracle retail_predictive_application_server 14.1
oracle retail_predictive_application_server 15.0
oracle retail_predictive_application_server 16.0
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle tape_library_acsls 8.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4C1A62A-E019-4649-AB74-DB249D1B03EF",
              "versionEndExcluding": "4.3.16",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2CC334-AFF8-41D4-9FBD-88C8FF9DA406",
              "versionEndExcluding": "5.0.5",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
              "versionEndExcluding": "7.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07630491-0624-4C5C-A858-C5D3CDCD1B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9CA11F-F718-43E5-ADB9-6C348C75E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework."
    },
    {
      "lang": "es",
      "value": "Spring Framework, en versiones anteriores a las comprendidas entre la 5.0 y la 5.0.5, versiones 4.3 anteriores a la 4.3.16 y versiones antiguas no soportadas, permite que las aplicaciones expongan STOMP sobre los endpoints WebSocket con un simple broker STOP dentro de la memoria a trav\u00e9s del m\u00f3dulo spring-messaging. Un usuario (o atacante) malicioso puede crear un mensaje para el broker que puede conducir a un ataque de ejecuci\u00f3n remota de c\u00f3digo. Este CVE hace referencia a una soluci\u00f3n parcial de CVE-2018-1270 en la rama 4.3.x de Spring Framework."
    }
  ],
  "id": "CVE-2018-1275",
  "lastModified": "2024-11-21T03:59:31.333",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-11T13:29:00.353",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103771"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041301"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1275"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103771"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041301"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1275"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-358"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-12 15:15
Modified
2024-11-21 06:04
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N
Summary
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
References
security@apache.orghttps://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3EMailing List, Vendor Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2021/08/msg00009.htmlMailing List, Third Party Advisory
security@apache.orghttps://security.gentoo.org/glsa/202208-34Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20210827-0007/Third Party Advisory
security@apache.orghttps://www.debian.org/security/2021/dsa-4952Third Party Advisory
security@apache.orghttps://www.debian.org/security/2021/dsa-4986Third Party Advisory
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3EMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/08/msg00009.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202208-34Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210827-0007/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4952Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4986Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache tomcat *
apache tomcat *
apache tomcat *
apache tomcat *
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_diameter_signaling_router *
oracle communications_pricing_design_center 12.0.0.3.0
oracle hospitality_cruise_shipboard_property_management_system 20.1.0
oracle tekelec_platform_distribution *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BA16F9-F348-4796-B5A1-A1CC3CC20926",
              "versionEndExcluding": "7.0.109",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E609F611-7273-4E5E-8EE1-99804D01AFCB",
              "versionEndExcluding": "8.5.66",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFD5BEFB-48F5-4CC6-8644-1C38106A0F6F",
              "versionEndExcluding": "9.0.46",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CC917F9-341E-4064-B101-5382944BD79A",
              "versionEndExcluding": "10.0.6",
              "versionStartIncluding": "10.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F5B430-8BA1-4865-93B5-0DE89F424B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40",
              "versionEndIncluding": "7.7.1",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad en el \u00e1mbito JNDI de Apache Tomcat permite a un atacante autenticarse usando variaciones de un nombre de usuario v\u00e1lido y/o omitir parte de la protecci\u00f3n proporcionada por el \u00e1mbito LockOut. Este problema afecta a Apache Tomcat versiones 10.0.0-M1 hasta 10.0.5; versiones 9.0.0.M1 hasta 9.0.45; versiones 8.5.0 hasta 8.5.65"
    }
  ],
  "id": "CVE-2021-30640",
  "lastModified": "2024-11-21T06:04:20.893",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-12T15:15:08.367",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-34"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4952"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4986"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4952"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-116"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-18 22:15
Modified
2024-11-21 04:55
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2660Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2660Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FB021E3-0529-4F99-B880-66FDAC2F889D",
              "versionEndExcluding": "2.6.7.4",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E281E-977E-4195-B131-B7C7A2933B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8EE84-A840-4132-B331-C7D450B1FBBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F058FDA-04BC-4F32-830D-206983770692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y escritura, relacionada con com.caucho.config.types.ResourceRef (tambi\u00e9n se conoce como caucho-quercus)."
    }
  ],
  "id": "CVE-2020-10673",
  "lastModified": "2024-11-21T04:55:49.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-18T22:15:12.407",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-10 19:15
Modified
2024-11-21 05:02
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.
References
security@apache.orghttp://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txtVendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.debian.org/debian-lts-announce/2020/10/msg00013.htmlMailing List, Third Party Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/10/msg00013.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
Impacted products
Vendor Product Version
apache activemq *
oracle communications_diameter_signaling_router *
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
debian debian_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27C7324-562F-46E8-B69D-EE68D2F8CAA4",
              "versionEndExcluding": "5.15.12",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12."
    },
    {
      "lang": "es",
      "value": "Apache ActiveMQ usa la funci\u00f3n LocateRegistry.createRegistry() para crear el registro RMI de JMX y vincular el servidor a la entrada \"jmxrmi\".\u0026#xa0;Es posible conectarse al registro sin autenticaci\u00f3n y llamar al m\u00e9todo rebind para volver a vincular jmxrmi a otra cosa.\u0026#xa0;Si un atacante crea otro servidor como proxy del original y lo enlaza, efectivamente se convierte en un ataque de tipo man in the middle y es capaz de interceptar las credenciales cuando un usuario se conecta.\u0026#xa0;Actualice a Apache ActiveMQ versi\u00f3n 5.15.12"
    }
  ],
  "id": "CVE-2020-13920",
  "lastModified": "2024-11-21T05:02:09.060",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-10T19:15:13.160",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-306"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-07-15 17:15
Modified
2024-11-21 06:10
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
References
emo@eclipse.orghttps://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vmExploit, Third Party Advisory
emo@eclipse.orghttps://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E
emo@eclipse.orghttps://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E
emo@eclipse.orghttps://security.netapp.com/advisory/ntap-20210819-0006/Third Party Advisory
emo@eclipse.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
emo@eclipse.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
emo@eclipse.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vmExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210819-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
eclipse jetty *
eclipse jetty *
eclipse jetty *
netapp e-series_santricity_os_controller *
netapp e-series_santricity_web_services -
netapp element_plug-in_for_vcenter_server -
netapp hci_management_node -
netapp snap_creator_framework -
netapp snapcenter_plug-in -
netapp solidfire -
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle communications_cloud_native_core_binding_support_function 1.10.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.5.0
oracle communications_cloud_native_core_service_communication_proxy 1.14.0
oracle communications_cloud_native_core_unified_data_repository 1.14.0
oracle communications_diameter_signaling_router *
oracle financial_services_crime_and_compliance_management_studio 8.0.8.2.0
oracle financial_services_crime_and_compliance_management_studio 8.0.8.3.0
oracle rest_data_services *
oracle retail_eftlink 20.0.1
oracle stream_analytics *
oracle stream_analytics 19c


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBBFAC86-5AEA-467D-93ED-FD4DAB3469A2",
              "versionEndExcluding": "9.4.43",
              "versionStartIncluding": "9.4.37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE0C2EA-CCA1-4ADF-99AC-B34D6713F0C6",
              "versionEndExcluding": "10.0.6",
              "versionStartIncluding": "10.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:eclipse:jetty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3DBE2C80-1D28-4BCA-9969-C6DB35E64BEC",
              "versionEndExcluding": "11.0.6",
              "versionStartIncluding": "11.0.1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_os_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73F81EC3-4AB0-4CD7-B845-267C5974DE98",
              "versionEndIncluding": "11.70.1",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:web_services_proxy:*:*",
              "matchCriteriaId": "1AEFF829-A8F2-4041-8DDF-E705DB3ADED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_plug-in_for_vcenter_server:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "214712B6-59AF-4B5E-84BF-AF3C74A390EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter_plug-in:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "DC01D8F3-291A-44E5-99C1-6771F6656E0E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAEB09CA-9352-43CD-AF66-92BE416E039C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0AB059F2-FEC4-4180-8A90-39965495055E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A276784-877B-4A29-A8F1-70518A438A9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
              "versionEndIncluding": "8.5.0.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55F091C7-0869-4FD6-AC73-DA697D990304",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_crime_and_compliance_management_studio:8.0.8.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D134C60-F9E2-46C2-8466-DB90AD98439E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "105BF985-2403-455E-BAA1-509245B54A1D",
              "versionEndExcluding": "22.1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:stream_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "847E8F6A-6115-4CCB-B16B-5DA8427958C4",
              "versionEndExcluding": "19.1.0.0.6.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:stream_analytics:19c:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E7B7A7D-BA3D-4ADA-B87C-F222B0722AF2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."
    },
    {
      "lang": "es",
      "value": "Para Eclipse Jetty versiones 9.4.37-9.4.42, 10.0.1-10.0.5 y 11.0.1-11.0.5, los URIs pueden ser dise\u00f1ados usando algunos caracteres codificados para acceder al contenido del directorio WEB-INF y/o omitir algunas restricciones de seguridad. Esta es una variaci\u00f3n de la vulnerabilidad reportada en CVE-2021-28164/GHSA-v7ff-8wcx-gmc5"
    }
  ],
  "id": "CVE-2021-34429",
  "lastModified": "2024-11-21T06:10:23.447",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "emo@eclipse.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-15T17:15:08.637",
  "references": [
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "emo@eclipse.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "emo@eclipse.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        },
        {
          "lang": "en",
          "value": "CWE-551"
        }
      ],
      "source": "emo@eclipse.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-14 20:15
Modified
2024-11-21 05:02
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2698Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200702-0003/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2698Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200702-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp steelstore_cloud_integrated_storage -
debian debian_linux 8.0
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_session_report_manager *
oracle communications_session_route_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B92AF50-0155-471E-B5C4-1CFD95F4B7D0",
              "versionEndExcluding": "2.9.10.5",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja incorrectamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionada con oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, y oracle.jms.AQjmsXAConnectionFactory (tambi\u00e9n se conoce como weblogic/oracle-aqjms)"
    }
  ],
  "id": "CVE-2020-14061",
  "lastModified": "2024-11-21T05:02:28.207",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-14T20:15:10.027",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2698"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2698"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-02 14:15
Modified
2024-11-21 04:31
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
References
cve@mitre.orghttps://bugs.eclipse.org/bugs/show_bug.cgi?id=548244Exploit, Issue Tracking, Patch, Vendor Advisory
cve@mitre.orghttps://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dceePatch, Third Party Advisory
cve@mitre.orghttps://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81fPatch, Third Party Advisory
cve@mitre.orghttps://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASERelease Notes, Third Party Advisory
cve@mitre.orghttps://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txtExploit, Third Party Advisory
cve@mitre.orghttps://github.com/eclipse-ee4j/mojarra/issues/4556Third Party Advisory
cve@mitre.orghttps://github.com/eclipse-ee4j/mojarra/pull/4567Patch, Third Party Advisory
cve@mitre.orghttps://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fePatch, Third Party Advisory
cve@mitre.orghttps://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4Patch, Third Party Advisory
cve@mitre.orghttps://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20Patch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dceePatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81fPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASERelease Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txtExploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/eclipse-ee4j/mojarra/issues/4556Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/eclipse-ee4j/mojarra/pull/4567Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fePatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
eclipse mojarra *
oracle mojarra_javaserver_faces *
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle banking_enterprise_product_manufacturing 2.7.0
oracle banking_enterprise_product_manufacturing 2.8.0
oracle communications_diameter_signaling_router *
oracle communications_network_integrity 7.3.5
oracle communications_network_integrity 7.3.6
oracle communications_unified_inventory_management 7.3.0
oracle communications_unified_inventory_management 7.4.0
oracle enterprise_data_quality 12.2.1.3.0
oracle health_sciences_information_manager 3.0
oracle healthcare_data_repository 7.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management 19.12.0.0
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle retail_advanced_inventory_planning 15.0
oracle retail_advanced_inventory_planning 16.0
oracle retail_assortment_planning 16.0.3
oracle retail_bulk_data_integration 16.0.3.0
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
oracle retail_integration_bus 15.0
oracle retail_integration_bus 16.0
oracle retail_invoice_matching 16.0
oracle retail_merchandising_system 16.0
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_store_inventory_management 14.0.4
oracle retail_store_inventory_management 14.1.3
oracle retail_store_inventory_management 15.0.3
oracle retail_store_inventory_management 16.0.3
oracle secure_global_desktop 5.4
oracle secure_global_desktop 5.5
oracle time_and_labor *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:eclipse:mojarra:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF187C4C-1F1D-4C85-AD4F-B1583FE38E55",
              "versionEndExcluding": "2.3.10",
              "versionStartIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mojarra_javaserver_faces:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1802D8E3-E0CB-40AB-A326-D86676EBAE75",
              "versionEndExcluding": "2.2.20",
              "versionStartIncluding": "2.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AED3C78-7D65-4F02-820D-B51BCE4022F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_product_manufacturing:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "557A23A1-4762-4D29-A478-D1670C1847D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1",
              "versionEndIncluding": "8.4.0.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36CF85A9-2C29-46E7-961E-8ADD0B5822CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E76102AD-1FFE-4E47-A616-F38382C67344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2EE28E34-1D55-42ED-88F2-B2A0C954E298",
              "versionEndIncluding": "15.2.18.7",
              "versionStartIncluding": "15.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2549AF5-E459-46EC-BC20-F5F7A2199802",
              "versionEndIncluding": "16.2.19.0",
              "versionStartIncluding": "16.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D701969-8B0B-40A9-8992-C383FD8B1F7C",
              "versionEndIncluding": "17.12.15.0",
              "versionStartIncluding": "17.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "87D6640E-3A12-4B4F-B5D7-AC1427B05B20",
              "versionEndIncluding": "18.8.15.0",
              "versionStartIncluding": "18.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:19.12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F18C399-058C-427C-878C-5AAFE9EE31D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "43DA1635-08DA-434D-AA39-20D117468B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D939BB4-9D34-43A4-A19C-1CC90DB748FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46525CA6-4226-4F6F-B899-D800D4DDE0B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2B933E8-DBC4-4443-B837-BA8BAF8CC249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:time_and_labor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A74710-0E0F-4123-A64C-0684824D13CA",
              "versionEndIncluding": "12.2.11",
              "versionStartIncluding": "12.2.6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled."
    },
    {
      "lang": "es",
      "value": "El archivo faces/context/PartialViewContextImpl.java en Eclipse Mojarra, como es usado en Mojarra para Eclipse EE4J versiones anteriores a 2.3.10 y Mojarra JavaServer Faces versiones anteriores a 2.2.20, permite un ataque de tipo XSS Reflejado porque un campo client window es manejado inapropiadamente."
    }
  ],
  "id": "CVE-2019-17091",
  "lastModified": "2024-11-21T04:31:40.197",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-02T14:15:12.600",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/issues/4556"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/pull/4567"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/issues/4556"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/eclipse-ee4j/mojarra/pull/4567"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-03-25 17:15
Modified
2024-11-21 05:48
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
References
talos-cna@cisco.comhttps://talosintelligence.com/vulnerability_reports/TALOS-2021-1245Exploit, Technical Description, Third Party Advisory
talos-cna@cisco.comhttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
talos-cna@cisco.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
genivia gsoap 2.8.107
oracle communications_diameter_signaling_router *
oracle communications_eagle_application_processor *
oracle communications_eagle_lnp_application_processor 46.7
oracle communications_eagle_lnp_application_processor 46.8
oracle communications_eagle_lnp_application_processor 46.9
oracle communications_lsms 13.1
oracle communications_lsms 13.2
oracle communications_lsms 13.3
oracle communications_lsms 13.4
oracle tekelec_virtual_operating_environment *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:genivia:gsoap:2.8.107:*:*:*:*:*:*:*",
              "matchCriteriaId": "67681E3B-436C-4B75-A472-F99B22E3625F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
              "versionEndIncluding": "16.4.0",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "879FE18D-6B1C-4CF7-B409-C379E9F60D0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BE3FB3-5619-4381-BE4E-FBADB3C747F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB3C447-DA3F-44FF-91FD-8985C0527940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_lsms:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E14AECDA-5C63-40F0-81FF-17BBFA487577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_lsms:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E93FC676-40F5-45CA-880E-8084FF911A7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_lsms:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A946E0B-083B-4315-B979-FAB8EF96F9F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_lsms:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E6EF0DC-0188-4804-ACBF-25171A710CDE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tekelec_virtual_operating_environment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4509814-6693-4045-8263-B8C965398741",
              "versionEndIncluding": "3.7.1",
              "versionStartIncluding": "3.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability."
    },
    {
      "lang": "es",
      "value": "Se presenta una vulnerabilidad de ejecuci\u00f3n de c\u00f3digo en la funcionalidad del plugin WS-Addressing de Genivia gSOAP versi\u00f3n 2.8.107.\u0026#xa0;Una petici\u00f3n  SOAP especialmente dise\u00f1ada puede conllevar a una ejecuci\u00f3n de c\u00f3digo remota.\u0026#xa0;Un atacante puede enviar una petici\u00f3n  HTTP para desencadenar esta vulnerabilidad"
    }
  ],
  "id": "CVE-2021-21783",
  "lastModified": "2024-11-21T05:48:57.697",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "talos-cna@cisco.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-03-25T17:15:13.210",
  "references": [
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "talos-cna@cisco.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "talos-cna@cisco.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-680"
        }
      ],
      "source": "talos-cna@cisco.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-14 17:15
Modified
2024-11-21 04:59
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2020/05/14/9Mailing List, Third Party Advisory
security@apache.orghttps://camel.apache.org/security/CVE-2020-11973.htmlVendor Advisory
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/05/14/9Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://camel.apache.org/security/CVE-2020-11973.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
Impacted products
Vendor Product Version
apache camel *
apache camel *
oracle communications_diameter_signaling_router *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C55090-F0B1-4C9A-913E-3F63F6F1BB85",
              "versionEndIncluding": "2.25.0",
              "versionStartIncluding": "2.22.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D97C4E5-435C-4D5F-958B-67B50F822147",
              "versionEndIncluding": "3.1.0",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."
    },
    {
      "lang": "es",
      "value": "Apache Camel Netty permite una deserializaci\u00f3n de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 est\u00e1n afectadas. Los usuarios de la versi\u00f3n 2.x deben actualizar a la versi\u00f3n 2.25.1, los usuarios de la versi\u00f3n 3.x deben actualizar a la versi\u00f3n 3.2.0."
    }
  ],
  "id": "CVE-2020-11973",
  "lastModified": "2024-11-21T04:59:01.343",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T17:15:12.193",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/14/9"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://camel.apache.org/security/CVE-2020-11973.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/14/9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://camel.apache.org/security/CVE-2020-11973.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-30 11:15
Modified
2024-11-21 04:26
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
References
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3200Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125bPatch
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2Patch, Product
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2389Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/08/msg00011.htmlThird Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
cve@mitre.orghttps://seclists.org/bugtraq/2019/Oct/6Mailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190814-0001/Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4542Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3200Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125bPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2Patch, Product
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2389Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/08/msg00011.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Oct/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190814-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4542Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
fedoraproject fedora 29
fedoraproject fedora 30
apache drill 1.16.0
redhat jboss_middleware_text-only_advisories 1.0
oracle banking_platform 2.4.0
oracle banking_platform 2.4.1
oracle banking_platform 2.5.0
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.2.1
oracle communications_instant_messaging_server 10.0.1.3.0
oracle financial_services_analytical_applications_infrastructure *
oracle global_lifecycle_management_opatch *
oracle global_lifecycle_management_opatch *
oracle global_lifecycle_management_opatch *
oracle global_lifecycle_management_opatch 11.2.0.3.23
oracle global_lifecycle_management_opatch 13.9.4.2.1
oracle goldengate_stream_analytics *
oracle jd_edwards_enterpriseone_orchestrator 9.2
oracle jd_edwards_enterpriseone_tools 9.2
oracle primavera_gateway *
oracle primavera_gateway 15.2
oracle primavera_gateway 16.1
oracle primavera_gateway 16.2
oracle primavera_gateway 18.8.0
oracle retail_customer_management_and_segmentation_foundation 17.0
oracle retail_xstore_point_of_service 7.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle siebel_engineering_-_installer_\&_deployment *
oracle siebel_ui_framework *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036DA13-110D-40B3-8494-E361BBF4AFCD",
              "versionEndExcluding": "2.6.7.3",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89660FC3-9198-414C-B89D-C61A4438BA3B",
              "versionEndExcluding": "2.7.9.6",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DB8A2D4-0FDE-4216-896B-52824106B97B",
              "versionEndExcluding": "2.8.11.4",
              "versionStartIncluding": "2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04641592-DAF4-47BB-A9DE-FC4C84A20401",
              "versionEndExcluding": "2.9.9.2",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:drill:1.16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "235DC57F-22B8-4219-9499-7D005D90A654",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_middleware_text-only_advisories:1.0:*:*:*:*:middleware:*:*",
              "matchCriteriaId": "A0FED4EE-0AE2-4BD8-8DAC-143382E4DB7C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD945A04-174C-46A2-935D-4F92631D1018",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51433748-DED0-416D-8BFE-F3493E13772E",
              "versionEndIncluding": "8.0.8",
              "versionStartIncluding": "8.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6455EB1-C741-45E8-A53E-E7AD7A5D00EE",
              "versionEndExcluding": "11.2.0.3.23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFD43191-E67F-4D1B-967B-3C7B20331945",
              "versionEndExcluding": "12.2.0.1.19",
              "versionStartIncluding": "12.2.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "062C588A-CBBA-470F-8D11-2F961922E927",
              "versionEndExcluding": "13.9.4.2.1",
              "versionStartIncluding": "13.9.4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:11.2.0.3.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "E074FB89-051D-4E67-BFF9-5D3880F4E8EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:13.9.4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F71F9A4-39B3-4027-87DF-BF47DEDC9357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4",
              "versionEndExcluding": "19.1.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "989598A3-7012-4F57-B172-02404E20D16D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6951D244-845C-4BF2-AC75-F226B0C39C77",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DADAD14D-4836-4C74-A474-B8A044EED2EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99365245-49E8-4616-BD24-CE564AC1D17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_engineering_-_installer_\\\u0026_deployment:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "25993ED6-D4C7-4B68-9F87-274B757A88CC",
              "versionEndIncluding": "19.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F10FB4D-A29B-42B4-B70E-EB82A93F2218",
              "versionEndIncluding": "19.10",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema de escritura polim\u00f3rfica en jackson-databind de FasterXML versiones 2.x anteriores a 2.9.9.2. Esto ocurre cuando la Escritura Predeterminada est\u00e1 habilitada (globalmente o para una propiedad espec\u00edfica) para un endpoint JSON expuesto externamente y el servicio tiene el jar de logback en el classpath."
    }
  ],
  "id": "CVE-2019-14439",
  "lastModified": "2024-11-21T04:26:44.957",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-30T11:15:11.123",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3200"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2389"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Oct/6"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4542"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Product"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2389"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Oct/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4542"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-27 21:15
Modified
2024-11-21 05:36
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
References
security@php.nethttps://bugs.php.net/bug.php?id=79465Exploit, Vendor Advisory
security@php.nethttps://security.netapp.com/advisory/ntap-20200504-0001/Third Party Advisory
security@php.nethttps://www.debian.org/security/2020/dsa-4717Third Party Advisory
security@php.nethttps://www.debian.org/security/2020/dsa-4719Third Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpuApr2021.htmlNot Applicable, Third Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
security@php.nethttps://www.tenable.com/security/tns-2021-14Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=79465Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200504-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4717Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4719Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlNot Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-14Patch, Third Party Advisory
Impacted products
Vendor Product Version
php php *
php php *
php php *
tenable tenable.sc *
oracle communications_diameter_signaling_router *
debian debian_linux 9.0
debian debian_linux 10.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCA61CC4-F137-461B-8B8A-3EC3F502BF33",
              "versionEndExcluding": "7.2.30",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "461B71F9-8BE5-4E97-807E-03D180AC6122",
              "versionEndExcluding": "7.3.17",
              "versionStartIncluding": "7.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE8B571C-CCD8-418D-A29A-D9EBC06CAE2D",
              "versionEndExcluding": "7.4.5",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF",
              "versionEndExcluding": "5.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1",
              "versionEndIncluding": "8.4.0.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
    },
    {
      "lang": "es",
      "value": "En PHP versiones 7.2.x por debajo de 7.2.30, versiones 7.3.x debajo de 7.3.17 y versiones 7.4.x por debajo de 7.4.5, si PHP es compilado con soporte EBCDIC (poco com\u00fan), la funci\u00f3n urldecode() puede ser hecha para acceder a ubicaciones m\u00e1s all\u00e1 del memoria asignada, debido al uso err\u00f3neo de n\u00fameros con signo como \u00edndices de matriz."
    }
  ],
  "id": "CVE-2020-7067",
  "lastModified": "2024-11-21T05:36:36.513",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security@php.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-27T21:15:14.593",
  "references": [
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79465"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4717"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4719"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79465"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4717"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "sourceIdentifier": "security@php.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        },
        {
          "lang": "en",
          "value": "CWE-196"
        }
      ],
      "source": "security@php.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-19 15:15
Modified
2024-11-21 06:14
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
References
reefs@jfrog.comhttps://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vvThird Party Advisory
reefs@jfrog.comhttps://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E
reefs@jfrog.comhttps://lists.debian.org/debian-lts-announce/2023/01/msg00008.htmlMailing List, Third Party Advisory
reefs@jfrog.comhttps://security.netapp.com/advisory/ntap-20220210-0012/Third Party Advisory
reefs@jfrog.comhttps://www.debian.org/security/2023/dsa-5316Third Party Advisory
reefs@jfrog.comhttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
reefs@jfrog.comhttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
reefs@jfrog.comhttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vvThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/01/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220210-0012/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5316Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
netty netty *
quarkus quarkus *
oracle banking_apis *
oracle banking_apis 19.1
oracle banking_apis 19.2
oracle banking_apis 20.1
oracle banking_apis 21.1
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_digital_experience 21.1
oracle coherence 12.2.1.4.0
oracle coherence 14.1.1.0.0
oracle commerce_guided_search 11.3.2
oracle communications_brm_-_elastic_charging_engine *
oracle communications_brm_-_elastic_charging_engine 12
oracle communications_cloud_native_core_binding_support_function 1.10.0
oracle communications_cloud_native_core_binding_support_function 1.11.0
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_policy 1.15.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_diameter_signaling_router *
oracle communications_instant_messaging_server 8.1
oracle helidon 1.4.10
oracle helidon 2.4.0
oracle peoplesoft_enterprise_peopletools 8.48
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
netapp oncommand_insight -
debian debian_linux 10.0
debian debian_linux 11.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF41DE29-2A17-4085-9F00-811E461E36EC",
              "versionEndExcluding": "4.1.68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6677F86F-5933-460E-B978-23A4C1407CB0",
              "versionEndExcluding": "2.2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF2D056-3118-4C31-BEDD-69F016898CBB",
              "versionEndIncluding": "18.3",
              "versionStartIncluding": "18.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:coherence:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FF57C7A-92C9-4D71-A7B1-CC9DEFAA8193",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:coherence:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5FA64A1D-34F9-4441-857A-25C165E6DBB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B",
              "versionEndExcluding": "12.0.0.4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12:0.0.5.0:*:*:*:*:*:*",
              "matchCriteriaId": "701B1B1D-A36F-4B73-B16D-F6574DF43754",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10323322-F6C0-4EA7-9344-736F7A80AA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
              "versionEndIncluding": "8.5.0.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "47CE14F1-7E98-4C3B-A817-C54273F23464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:helidon:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E7626D2-D9FF-416A-9581-852CED0D8C24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:helidon:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99344A5D-F4B7-49B4-9AE6-0E2FB3874EA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.48:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C098860-0862-4C5B-8EE4-9469D5D01815",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Bzip2 decompression decoder function doesn\u0027t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack"
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n Bzip2 decompression decoder no permite establecer restricciones de tama\u00f1o en los datos de salida descomprimidos (lo que afecta al tama\u00f1o de asignaci\u00f3n usado durante la descompresi\u00f3n). Todos los usuarios de Bzip2Decoder est\u00e1n afectados. La entrada maliciosa puede desencadenar un OOME y as\u00ed un ataque de DoS"
    }
  ],
  "id": "CVE-2021-37136",
  "lastModified": "2024-11-21T06:14:42.867",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-19T15:15:07.697",
  "references": [
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5316"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "reefs@jfrog.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "reefs@jfrog.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-14 16:15
Modified
2024-11-21 05:11
Severity ?
6.3 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
Summary
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
References
security@apache.orghttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.htmlMailing List, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2020/09/30/6Mailing List, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2020/12/06/1Mailing List, Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3EMailing List, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/
security@apache.orghttps://security.gentoo.org/glsa/202007-34Third Party Advisory
security@apache.orghttps://usn.ubuntu.com/4380-1/Mailing List, Vendor Advisory
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/09/30/6Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/12/06/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3EMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202007-34Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4380-1/Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache ant *
apache ant *
canonical ubuntu_linux 19.10
fedoraproject fedora 31
fedoraproject fedora 32
opensuse leap 15.2
oracle agile_engineering_data_management 6.2.1.0
oracle banking_enterprise_collections *
oracle banking_liquidity_management *
oracle banking_platform *
oracle business_process_management_suite 12.2.1.3.0
oracle business_process_management_suite 12.2.1.4.0
oracle category_management_planning_\&_optimization 15.0.3
oracle communications_asap 7.3
oracle communications_diameter_signaling_router *
oracle communications_metasolv_solution 6.3.0
oracle communications_order_and_service_management 7.3
oracle communications_order_and_service_management 7.4
oracle data_integrator 12.2.1.3.0
oracle data_integrator 12.2.1.4.0
oracle endeca_information_discovery_studio 3.2.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle enterprise_repository 11.1.1.7.0
oracle financial_services_analytical_applications_infrastructure *
oracle flexcube_investor_servicing 12.1.0
oracle flexcube_investor_servicing 12.3.0
oracle flexcube_investor_servicing 12.4.0
oracle flexcube_investor_servicing 14.0.0
oracle flexcube_investor_servicing 14.1.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle health_sciences_information_manager *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle real-time_decision_server 3.2.1.0
oracle retail_advanced_inventory_planning 14.1
oracle retail_advanced_inventory_planning 15.0
oracle retail_advanced_inventory_planning 16.0
oracle retail_assortment_planning 15.0.3
oracle retail_assortment_planning 16.0.3
oracle retail_back_office 14.0
oracle retail_back_office 14.1
oracle retail_bulk_data_integration 15.0
oracle retail_bulk_data_integration 16.0
oracle retail_bulk_data_integration 16.0.3.0
oracle retail_bulk_data_integration 19.0.1
oracle retail_central_office 14.0
oracle retail_central_office 14.1
oracle retail_data_extractor_for_merchandising 1.9
oracle retail_data_extractor_for_merchandising 1.10
oracle retail_extract_transform_and_load 13.2.5
oracle retail_extract_transform_and_load 13.2.8
oracle retail_financial_integration 14.1.3.2
oracle retail_financial_integration 15.0
oracle retail_financial_integration 15.0.4.0
oracle retail_financial_integration 16.0
oracle retail_financial_integration 16.0.3.0
oracle retail_integration_bus 14.1
oracle retail_integration_bus 14.1.3.2
oracle retail_integration_bus 15.0
oracle retail_integration_bus 15.0.4.0
oracle retail_integration_bus 16.0
oracle retail_integration_bus 16.0.3.0
oracle retail_integration_bus 19.0.1.0
oracle retail_item_planning 15.0.3
oracle retail_macro_space_optimization 15.0.3
oracle retail_merchandise_financial_planning 15.0.3
oracle retail_merchandising_system 19.0.1
oracle retail_point-of-service 14.0
oracle retail_point-of-service 14.1
oracle retail_point-of-service 15.0
oracle retail_point-of-service 16.0
oracle retail_predictive_application_server 14.0.3
oracle retail_predictive_application_server 14.1.3
oracle retail_predictive_application_server 15.0.3
oracle retail_predictive_application_server 16.0.3
oracle retail_predictive_application_server 16.0.3.0
oracle retail_regular_price_optimization 15.0.3
oracle retail_regular_price_optimization 16.0.3
oracle retail_replenishment_optimization 15.0.3
oracle retail_returns_management 14.0
oracle retail_returns_management 14.1
oracle retail_service_backbone 14.1.3.2
oracle retail_service_backbone 15.0
oracle retail_service_backbone 15.0.4.0
oracle retail_service_backbone 16.0
oracle retail_service_backbone 16.0.3.0
oracle retail_service_backbone 19.0.1.0
oracle retail_size_profile_optimization 15.0.3
oracle retail_size_profile_optimization 16.0.3
oracle retail_store_inventory_management 14.0.4
oracle retail_store_inventory_management 14.1
oracle retail_store_inventory_management 14.1.3
oracle retail_store_inventory_management 15.0
oracle retail_store_inventory_management 15.0.3
oracle retail_store_inventory_management 16.0
oracle retail_store_inventory_management 16.0.3
oracle retail_xstore_point_of_service 15.0.4
oracle retail_xstore_point_of_service 16.0.6
oracle retail_xstore_point_of_service 17.0.4
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 19.0.2
oracle timesten_in-memory_database *
oracle timesten_in-memory_database 11.2.2.8.49
oracle utilities_framework *
oracle utilities_framework 2.2.0.0.0
oracle utilities_framework 4.2.0.2.0
oracle utilities_framework 4.2.0.3.0
oracle utilities_framework 4.4.0.0.0
oracle utilities_framework 4.4.0.2.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B89E03B-8066-45B2-9EC5-960A69B839F0",
              "versionEndIncluding": "1.9.14",
              "versionStartIncluding": "1.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EBC8E517-4020-4DB2-B1E3-F68CC0D074C9",
              "versionEndIncluding": "1.10.7",
              "versionStartIncluding": "1.10.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "A31C8344-3E02-4EB8-8BD8-4C84B7959624",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9A7EB29-65F6-4626-BA32-15D819B2B1AA",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "965EDB5A-A8E9-4ACB-AA93-610F13031A90",
              "versionEndIncluding": "14.4.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:category_management_planning_\\\u0026_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC9038EC-AFF9-46C8-ABE4-BE4BBDFD3E55",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0912F464-5F38-4BBB-9E68-65CE34306E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "21CC9E01-616E-411B-B0C7-DE6E599D3319",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F015E20-7886-4713-B4EC-FE7894066D09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "991A279B-9D7C-4E39-8827-BC21C2C03B83",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69266D2-72D0-4A6C-883D-2597FE30931B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "448762C8-9CA2-40CD-968C-FABD05D20FAD",
              "versionEndIncluding": "3.0.2",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
              "versionEndIncluding": "16.2.11",
              "versionStartIncluding": "16.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED",
              "versionEndIncluding": "17.12.7",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real-time_decision_server:3.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD2288B1-FF5E-46BC-8551-4CC6B046A0D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "56239DBD-E294-44A4-9DD3-CEEC58C1BC0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "43DA1635-08DA-434D-AA39-20D117468B5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "037A31EF-B0AF-4800-B6F4-9CDE92ABB730",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "13F93FA2-B50B-4274-B636-740AEE587414",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F701CFD0-AA7D-44B1-BC17-5666CDE32196",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C401E65A-8FA0-44E6-9AFC-6CC06498122F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D4F8ECA-028E-486D-B318-E4CF5FE91A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:1.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD31AC22-CF51-4F0B-84BF-716CCB45AD9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "30501D23-5044-477A-8DC3-7610126AEFD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F09182F-D0F2-41A7-A4AB-79099194B2CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "44AA1B51-8A24-48F0-B16F-803D69698707",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CE7DB324-98A0-40AD-96D4-0800340F6F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "919DED83-2F88-4202-9556-5F4E5E1E6790",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A29C39DD-971B-4A3F-BA08-91C8CC9B4A32",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "97DD0665-C420-4F6F-AD1F-07674B13614E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_item_planning:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B54AAF6-A011-4108-A741-209AAFEBA1E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_macro_space_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EEB643C-684B-42A7-983C-187F8D134E09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandise_financial_planning:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5003D578-C9C2-4EC6-8866-5406789AEEA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD5EF655-EC1E-4ED3-B4AE-D74492577BDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F12FFD3D-ED01-46AC-97B2-ADFEE80A2537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "118E48CE-8603-442B-B9C9-E30A41E4D974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_regular_price_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "60A1BB93-EFAD-4684-A87C-5FD0A7F2955A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_regular_price_optimization:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0922934E-2658-430F-99BE-A13C8A5F4338",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_replenishment_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "558A12F0-7070-461D-B5A5-911CDB34CD46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1581DEE7-48C3-4832-B616-A25D9DD3E898",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77326E29-0F3C-4BF1-905F-FF89EB9A897A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D57F5CB-E566-450F-B7D7-DD771F7C746C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_size_profile_optimization:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "013198BA-493A-4AD6-ADD7-A19FD81C7857",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_size_profile_optimization:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "74ACC94B-4A9F-451D-B639-6008A108BDDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E703304-0752-46F2-998B-A3D37C9E7A54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1933509-1BEA-45DA-B6AF-2713B432B1F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "722969B5-36CD-4413-954B-347BB7E51FAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DA1BF68-635B-4577-B3F7-DEBC39567C8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF295023-399E-4180-A28B-2DA3327A372C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B202AEF-1197-441B-8EA1-2913BFD8A545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5A2A49-42B0-44EB-B606-999275DC1DA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D8F551-8DC8-4510-8350-AE6BC64748DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "513AE97F-161C-43D2-B2D1-653125A9E920",
              "versionEndExcluding": "11.2.2.8.27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:11.2.2.8.49:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9EB3DE5-142C-43A5-9735-CB73C54D42E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
              "versionEndIncluding": "4.3.0.6.0",
              "versionStartIncluding": "4.3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D883EED9-CC64-479D-9C0A-35EB16F43AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
    },
    {
      "lang": "es",
      "value": "Apache Ant versiones 1.1 hasta 1.9.14 y versiones 1.10.0 hasta 1.10.7, utiliza el directorio temporal por defecto identificado por la propiedad del sistema Java java.io.tmpdir para varias tareas y puede, por tanto, filtrar informaci\u00f3n confidencial. Las tareas fixcrlf y replaceregexp tambi\u00e9n copian los archivos desde el directorio temporal de nuevo en el \u00e1rbol de compilaci\u00f3n, lo que permite a un atacante inyectar archivos fuente modificados en el proceso de compilaci\u00f3n."
    }
  ],
  "id": "CVE-2020-1945",
  "lastModified": "2024-11-21T05:11:42.183",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 3.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 6.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T16:15:12.767",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-34"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4380-1/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202007-34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://usn.ubuntu.com/4380-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-668"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-02-15 04:15
Modified
2024-11-21 05:48
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
References
security@php.nethttps://bugs.php.net/bug.php?id=80672Issue Tracking, Vendor Advisory
security@php.nethttps://lists.debian.org/debian-lts-announce/2021/07/msg00008.htmlMailing List, Third Party Advisory
security@php.nethttps://security.gentoo.org/glsa/202105-23Third Party Advisory
security@php.nethttps://security.netapp.com/advisory/ntap-20210312-0005/Third Party Advisory
security@php.nethttps://www.debian.org/security/2021/dsa-4856Third Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security@php.nethttps://www.tenable.com/security/tns-2021-14Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=80672Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/07/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202105-23Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210312-0005/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4856Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-14Third Party Advisory
Impacted products
Vendor Product Version
php php *
php php *
php php *
debian debian_linux 9.0
debian debian_linux 10.0
netapp clustered_data_ontap -
oracle communications_diameter_signaling_router *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21A1DC5C-CFAD-4A37-8343-8F18F446ED45",
              "versionEndExcluding": "7.3.27",
              "versionStartIncluding": "7.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8043349D-1EEB-46ED-9DC4-7D1D7B60BC78",
              "versionEndExcluding": "7.4.15",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D70FC63A-BC22-491B-836F-7FDA82D61908",
              "versionEndExcluding": "8.0.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash."
    },
    {
      "lang": "es",
      "value": "En PHP versiones 7.3.x por debajo de 7.3.27, 7.4.x por debajo de 7.4.15 y 8.0.x por debajo de 8.0.2, cuando se usa la extensi\u00f3n SOAP para conectarse a un servidor SOAP, un servidor SOAP malicioso podr\u00eda devolver datos XML malformados como respuesta eso har\u00eda que PHP acceda a un puntero null y, por tanto, causar\u00eda un bloqueo"
    }
  ],
  "id": "CVE-2021-21702",
  "lastModified": "2024-11-21T05:48:51.847",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security@php.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-02-15T04:15:12.673",
  "references": [
    {
      "source": "security@php.net",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=80672"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202105-23"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4856"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=80672"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202105-23"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4856"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "sourceIdentifier": "security@php.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "security@php.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-476"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-14 17:15
Modified
2024-11-21 04:59
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2020/05/14/7Mailing List, Patch, Third Party Advisory
security@apache.orghttps://camel.apache.org/security/CVE-2020-11971.htmlPatch, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9%40%3Ccommits.camel.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a%40%3Ccommits.camel.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79%40%3Cissues.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4%40%3Ccommits.camel.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a%40%3Cissues.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386%40%3Cissues.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468%40%3Cissues.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649%40%3Cissues.activemq.apache.org%3E
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/05/14/7Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://camel.apache.org/security/CVE-2020-11971.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4%40%3Ccommits.camel.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
Impacted products
Vendor Product Version
apache camel *
oracle communications_diameter_intelligence_hub *
oracle communications_diameter_intelligence_hub *
oracle communications_diameter_signaling_router *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F31C9DFE-CCA2-40F1-8F5A-C796BF1B6E75",
              "versionEndIncluding": "3.1.0",
              "versionStartIncluding": "2.22.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5B4A191-44AE-4C35-9164-19237D2CF013",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A543B4F8-149A-48AB-B388-AB7FA2ECAC18",
              "versionEndIncluding": "8.2.3",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Camel\u0027s JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0."
    },
    {
      "lang": "es",
      "value": "El JMX de Apache Camel es vulnerable a Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 hasta la versi\u00f3n  3.1.0 se ve afectado. Los usuarios deben actualizar a 3.2.0."
    }
  ],
  "id": "CVE-2020-11971",
  "lastModified": "2024-11-21T04:59:00.987",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T17:15:12.053",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/14/7"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://camel.apache.org/security/CVE-2020-11971.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/14/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://camel.apache.org/security/CVE-2020-11971.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4%40%3Ccommits.camel.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-24 16:29
Modified
2024-11-21 04:13
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
References
security@apache.orghttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
security@apache.orghttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security@apache.orghttp://www.securityfocus.com/bid/104252Third Party Advisory, VDB Entry
security@apache.orghttp://www.securitytracker.com/id/1040995Third Party Advisory, VDB Entry
security@apache.orghttps://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E
security@apache.orghttps://lists.debian.org/debian-lts-announce/2018/05/msg00016.htmlMailing List, Third Party Advisory
security@apache.orghttps://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e
security@apache.orghttps://security.gentoo.org/glsa/202401-11
security@apache.orghttps://usn.ubuntu.com/3661-1/Third Party Advisory
security@apache.orghttps://www.debian.org/security/2018/dsa-4215Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2020.html
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.html
security@apache.orghttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
security@apache.orghttps://xmlgraphics.apache.org/security.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104252Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1040995Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2018/05/msg00016.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202401-11
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3661-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2018/dsa-4215Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
af854a3a-2127-422b-91ae-364da2661108https://xmlgraphics.apache.org/security.htmlThird Party Advisory
Impacted products
Vendor Product Version
apache batik *
debian debian_linux 7.0
debian debian_linux 8.0
debian debian_linux 9.0
canonical ubuntu_linux 14.04
oracle business_intelligence 11.1.1.7.0
oracle business_intelligence 11.1.1.9.0
oracle business_intelligence 12.2.1.3.0
oracle business_intelligence 12.2.1.4.0
oracle communications_diameter_signaling_router *
oracle communications_metasolv_solution 6.3.0
oracle communications_webrtc_session_controller *
oracle data_integrator 12.2.1.3.0
oracle enterprise_repository 11.1.1.7.0
oracle enterprise_repository 12.1.3.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_analytical_applications_infrastructure *
oracle fusion_middleware_mapviewer 12.2.1.2
oracle fusion_middleware_mapviewer 12.2.1.3
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle insurance_calculation_engine 10.1.1
oracle insurance_calculation_engine 10.2.1
oracle insurance_policy_administration_j2ee 10.0
oracle insurance_policy_administration_j2ee 10.2
oracle jd_edwards_enterpriseone_tools 9.2
oracle retail_back_office 13.3
oracle retail_back_office 13.4
oracle retail_back_office 14
oracle retail_back_office 14.1
oracle retail_central_office 14.1
oracle retail_integration_bus 17.0
oracle retail_order_broker 5.1
oracle retail_order_broker 5.2
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_point-of-service 13.4
oracle retail_point-of-service 14.0
oracle retail_point-of-service 14.1
oracle retail_returns_management 14.1


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:batik:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CABC1E2-FFB0-483A-9440-A249434A43D3",
              "versionEndExcluding": "1.10",
              "versionStartIncluding": "1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.7.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "D18D8F82-D325-402B-BF46-3C5C27C95091",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "523CD57C-43D4-4C79-BA00-A9A65C6588E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0912F464-5F38-4BBB-9E68-65CE34306E7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77120A3C-9A48-45FC-A620-5072AF325ACF",
              "versionEndExcluding": "7.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E3469D7-69E4-4242-B45A-C0CD9E691C4A",
              "versionEndIncluding": "7.3.3.0.2",
              "versionStartIncluding": "7.3.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "011267E2-A8C7-4FB7-B96A-BCCFCDA7E903",
              "versionEndIncluding": "8.0.7.1.0",
              "versionStartIncluding": "8.0.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D151B58F-5583-4F19-B225-80075B45441B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7D665C9-408A-4039-A2D4-9EE565BC4656",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3BC82E-4780-4D10-B424-6CD9EFD0F2C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12047B25-F234-4562-9943-63E47EF32684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "56745BD2-4BAE-407F-A926-396614CED669",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8341F73-256B-4FB8-B02D-CCCDACC63662",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBC0EBF9-AA2F-481A-AA40-D26DA31707A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A8B4FBF-94C5-449C-8D66-636C894B43DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:13.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4B26A00-9891-4524-9F85-AC5C91E58C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization."
    },
    {
      "lang": "es",
      "value": "En Apache Batik en versiones 1.x anteriores a la 1.10, cuando se deserializa la subclase de \"AbstractDocument\", la clase toma una cadena de inputStream como el nombre de clase y lo emplea para llamar al constructor no-arg de la clase. La soluci\u00f3n fue comprobar el tipo de clase antes de llamar a newInstance durante la deserializaci\u00f3n."
    }
  ],
  "id": "CVE-2018-8013",
  "lastModified": "2024-11-21T04:13:05.577",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-24T16:29:00.380",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104252"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040995"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e"
    },
    {
      "source": "security@apache.org",
      "url": "https://security.gentoo.org/glsa/202401-11"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3661-1/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4215"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://xmlgraphics.apache.org/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104252"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1040995"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202401-11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3661-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2018/dsa-4215"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://xmlgraphics.apache.org/security.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-14 20:15
Modified
2024-11-21 06:27
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
References
security@apache.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10379Third Party Advisory
security@apache.orghttps://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3EMailing List, Vendor Advisory
security@apache.orghttps://security.gentoo.org/glsa/202208-34Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20211104-0001/Third Party Advisory
security@apache.orghttps://www.debian.org/security/2021/dsa-5009Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10379Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3EMailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202208-34Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20211104-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-5009Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache tomcat *
apache tomcat *
apache tomcat *
apache tomcat 10.0.0
apache tomcat 10.1.0
apache tomcat 10.1.0
apache tomcat 10.1.0
apache tomcat 10.1.0
apache tomcat 10.1.0
netapp hci -
netapp management_services_for_element_software -
debian debian_linux 11.0
oracle agile_engineering_data_management 6.2.1.0
oracle big_data_spatial_and_graph *
oracle communications_diameter_signaling_router *
oracle hospitality_cruise_shipboard_property_management_system 20.1.0
oracle managed_file_transfer 12.2.1.3.0
oracle managed_file_transfer 12.2.1.4.0
oracle middleware_common_libraries_and_tools 12.2.1.4.0
oracle payment_interface 19.1
oracle payment_interface 20.3
oracle retail_customer_insights 15.0.2
oracle retail_customer_insights 16.0.2
oracle retail_data_extractor_for_merchandising 15.0.2
oracle retail_data_extractor_for_merchandising 16.0.2
oracle retail_eftlink 21.0.0
oracle retail_financial_integration 16.0.1
oracle retail_financial_integration 19.0.0
oracle retail_store_inventory_management 14.0.4.13
oracle retail_store_inventory_management 14.1.3.5
oracle retail_store_inventory_management 14.1.3.14
oracle retail_store_inventory_management 15.0.3.3
oracle retail_store_inventory_management 15.0.3.8
oracle retail_store_inventory_management 16.0.3.7
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1
oracle taleo_platform *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "890E6FBC-FCC5-44B0-8CE8-AD7E8F0A1BFA",
              "versionEndExcluding": "8.5.72",
              "versionStartIncluding": "8.5.60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "654BD045-868C-4DC0-B36C-824C0F4C41CD",
              "versionEndExcluding": "9.0.54",
              "versionStartIncluding": "9.0.40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C639222-18E7-4BDC-A53A-684F63C42991",
              "versionEndExcluding": "10.0.12",
              "versionStartIncluding": "10.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.0.0:milestone10:*:*:*:*:*:*",
              "matchCriteriaId": "83B9FF07-1B93-4F8C-AC56-7CA74E61B724",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "6D402B5D-5901-43EB-8E6A-ECBD512CE367",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "9846609D-51FC-4CDD-97B3-8C6E07108F14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "2E321FB4-0B0C-497A-BB75-909D888C93CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone4:*:*:*:*:*:*",
              "matchCriteriaId": "3B0CAE57-AF7A-40E6-9519-F5C9F422C1BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomcat:10.1.0:milestone5:*:*:*:*:*:*",
              "matchCriteriaId": "7CB9D150-EED6-4AE9-BCBE-48932E50035E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:hci:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A6E548F-62E9-40CB-85DA-FDAA0F0096C6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:management_services_for_element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "86B51137-28D9-41F2-AFA2-3CC22B4954D1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "384DEDD9-CB26-4306-99D8-83068A9B23ED",
              "versionEndExcluding": "23.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
              "versionEndIncluding": "8.5.0.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_cruise_shipboard_property_management_system:20.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05F5B430-8BA1-4865-93B5-0DE89F424B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:middleware_common_libraries_and_tools:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB179A8-DFB7-4DCF-8DE3-096F376989F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D01A0EC-3846-4A74-A174-3797078DC699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E5FCFB-093A-48E9-8A4E-34C993D2764E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D1C35DF-D30D-42C8-B56D-C809609AB2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "834B4CE7-042E-489F-AE19-0EEA2C37E7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82653579-FF7D-4492-9CA2-B3DF6A708831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B95628-F108-424A-8C19-40A5F5B7D37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE6D2296-FF70-462A-963D-C93429499E4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7B0B33-2361-4CF5-8075-F609858A582E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "88458537-6DE8-4D79-BC71-9D08883AD0C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E310654-0793-41CC-B049-C754AC31D016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C5B22C6-97AF-4D1B-84C9-987C6F62C401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD9AAE5-9472-49C6-B054-DB76BEB86D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A104FDBD-0B28-44EE-91A0-A0C8939865A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10009CC2-04DD-4CD3-B256-2D5EFD9A1D1D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError."
    },
    {
      "lang": "es",
      "value": "La correcci\u00f3n del bug 63362 presente en Apache Tomcat versiones 10.1.0-M1 hasta 10.1.0-M5, versiones 10.0.0-M1 hasta 10.0.11, versiones 9.0.40 hasta 9.0.53 y versiones 8.5.60 hasta 8.5.71, introduc\u00eda una p\u00e9rdida de memoria. El objeto introducido para recopilar m\u00e9tricas para las conexiones de actualizaci\u00f3n HTTP no se liberaba para las conexiones WebSocket una vez que se cerraba la conexi\u00f3n. Esto creaba una p\u00e9rdida de memoria que, con el tiempo, pod\u00eda conllevar a una denegaci\u00f3n de servicio por medio de un OutOfMemoryError"
    }
  ],
  "id": "CVE-2021-42340",
  "lastModified": "2024-11-21T06:27:38.363",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-14T20:15:09.060",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-34"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5009"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202208-34"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-772"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-772"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-04-20 00:29
Modified
2024-11-21 04:20
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.htmlMailing List, Third Party Advisory
cve@mitre.orghttp://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.htmlThird Party Advisory, VDB Entry
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/May/10Mailing List, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/May/11Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://seclists.org/fulldisclosure/2019/May/13Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.openwall.com/lists/oss-security/2019/06/03/2Mailing List, Patch, Third Party Advisory
cve@mitre.orghttp://www.securityfocus.com/bid/108023Broken Link, Third Party Advisory, VDB Entry
cve@mitre.orghttps://access.redhat.com/errata/RHBA-2019:1570Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:1456Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:2587Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3023Third Party Advisory
cve@mitre.orghttps://access.redhat.com/errata/RHSA-2019:3024Third Party Advisory
cve@mitre.orghttps://backdropcms.org/security/backdrop-sa-core-2019-009Third Party Advisory
cve@mitre.orghttps://blog.jquery.com/2019/04/10/jquery-3-4-0-released/Release Notes, Vendor Advisory
cve@mitre.orghttps://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1bPatch, Third Party Advisory
cve@mitre.orghttps://github.com/jquery/jquery/pull/4333Patch, Third Party Advisory
cve@mitre.orghttps://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3EIssue Tracking
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/05/msg00006.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2019/05/msg00029.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/02/msg00024.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/Mailing List, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Apr/32Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/Jun/12Issue Tracking, Mailing List, Third Party Advisory
cve@mitre.orghttps://seclists.org/bugtraq/2019/May/18Mailing List, Patch, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20190919-0001/Third Party Advisory
cve@mitre.orghttps://snyk.io/vuln/SNYK-JS-JQUERY-174006Exploit, Third Party Advisory
cve@mitre.orghttps://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4434Third Party Advisory
cve@mitre.orghttps://www.debian.org/security/2019/dsa-4460Third Party Advisory
cve@mitre.orghttps://www.drupal.org/sa-core-2019-006Patch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/Patch, Third Party Advisory
cve@mitre.orghttps://www.synology.com/security/advisory/Synology_SA_19_19Third Party Advisory
cve@mitre.orghttps://www.tenable.com/security/tns-2019-08Third Party Advisory
cve@mitre.orghttps://www.tenable.com/security/tns-2020-02Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.htmlThird Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/May/10Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/May/11Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2019/May/13Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/06/03/2Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/108023Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHBA-2019:1570Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:1456Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2587Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3023Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3024Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://backdropcms.org/security/backdrop-sa-core-2019-009Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1bPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/jquery/jquery/pull/4333Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3EIssue Tracking
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/05/msg00006.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/05/msg00029.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/02/msg00024.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Apr/32Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/Jun/12Issue Tracking, Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2019/May/18Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190919-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://snyk.io/vuln/SNYK-JS-JQUERY-174006Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4434Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4460Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.drupal.org/sa-core-2019-006Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/security/advisory/Synology_SA_19_19Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2019-08Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2020-02Third Party Advisory
Impacted products
Vendor Product Version
jquery jquery *
debian debian_linux 8.0
debian debian_linux 9.0
debian debian_linux 10.0
drupal drupal *
drupal drupal *
drupal drupal *
backdropcms backdrop *
backdropcms backdrop *
fedoraproject fedora 28
fedoraproject fedora 29
fedoraproject fedora 30
opensuse backports_sle 15.0
opensuse leap 15.1
netapp oncommand_system_manager *
netapp snapcenter -
redhat cloudforms 4.7
redhat virtualization_manager 4.3
oracle agile_product_lifecycle_management_for_process 6.1
oracle agile_product_lifecycle_management_for_process 6.2.0.0
oracle agile_product_lifecycle_management_for_process 6.2.1.0
oracle agile_product_lifecycle_management_for_process 6.2.2.0
oracle agile_product_lifecycle_management_for_process 6.2.3.0
oracle application_express *
oracle application_service_level_management 13.2.0.0
oracle application_service_level_management 13.3.0.0
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3
oracle application_testing_suite 13.3.0.1
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_enterprise_collections *
oracle banking_platform *
oracle bi_publisher 5.5.0.0.0
oracle bi_publisher 12.2.1.3.0
oracle bi_publisher 12.2.1.4.0
oracle big_data_discovery 1.6
oracle business_process_management_suite 12.2.1.3.0
oracle business_process_management_suite 12.2.1.4.0
oracle communications_analytics 12.1.1
oracle communications_application_session_controller 3.8m0
oracle communications_billing_and_revenue_management 7.5
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle communications_billing_and_revenue_management 12.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.2.1
oracle communications_eagle_application_processor *
oracle communications_element_manager 8.1.1
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.2.1
oracle communications_interactive_session_recorder *
oracle communications_operations_monitor *
oracle communications_operations_monitor 3.4
oracle communications_operations_monitor 4.0
oracle communications_operations_monitor 4.1.0
oracle communications_services_gatekeeper 7.0
oracle communications_session_report_manager 8.1.1
oracle communications_session_report_manager 8.2.0
oracle communications_session_report_manager 8.2.1
oracle communications_session_route_manager 8.1.1
oracle communications_session_route_manager 8.2.0
oracle communications_session_route_manager 8.2.1
oracle communications_unified_inventory_management 7.3
oracle communications_unified_inventory_management 7.4.0
oracle communications_webrtc_session_controller 7.2
oracle diagnostic_assistant 2.12.36
oracle enterprise_manager_ops_center 12.3.3
oracle enterprise_manager_ops_center 12.4.0
oracle enterprise_manager_ops_center 12.4.0.0
oracle enterprise_session_border_controller 8.4
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_analytical_applications_reconciliation_framework *
oracle financial_services_analytical_applications_reconciliation_framework 8.1.0
oracle financial_services_asset_liability_management *
oracle financial_services_asset_liability_management 8.1.0
oracle financial_services_balance_sheet_planning 8.0.8
oracle financial_services_basel_regulatory_capital_basic *
oracle financial_services_basel_regulatory_capital_basic 8.1.0
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach *
oracle financial_services_basel_regulatory_capital_internal_ratings_based_approach 8.1.0
oracle financial_services_data_foundation *
oracle financial_services_data_governance_for_us_regulatory_reporting *
oracle financial_services_data_integration_hub *
oracle financial_services_data_integration_hub 8.1.0
oracle financial_services_enterprise_financial_performance_analytics 8.0.6
oracle financial_services_enterprise_financial_performance_analytics 8.0.7
oracle financial_services_funds_transfer_pricing *
oracle financial_services_funds_transfer_pricing 8.1.0
oracle financial_services_hedge_management_and_ifrs_valuations *
oracle financial_services_hedge_management_and_ifrs_valuations 8.1.0
oracle financial_services_institutional_performance_analytics *
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_liquidity_risk_management 8.0.0.1.0
oracle financial_services_liquidity_risk_management 8.0.2
oracle financial_services_liquidity_risk_management 8.0.4.0.0
oracle financial_services_liquidity_risk_management 8.0.5.0.0
oracle financial_services_liquidity_risk_management 8.0.6
oracle financial_services_liquidity_risk_measurement_and_management 8.0.7
oracle financial_services_liquidity_risk_measurement_and_management 8.0.8
oracle financial_services_liquidity_risk_measurement_and_management 8.1.0
oracle financial_services_loan_loss_forecasting_and_provisioning *
oracle financial_services_loan_loss_forecasting_and_provisioning 8.1.0
oracle financial_services_market_risk_measurement_and_management 8.0.5
oracle financial_services_market_risk_measurement_and_management 8.0.6
oracle financial_services_market_risk_measurement_and_management 8.0.8
oracle financial_services_price_creation_and_discovery *
oracle financial_services_profitability_management *
oracle financial_services_profitability_management 8.1.0
oracle financial_services_regulatory_reporting_for_de_nederlandsche_bank 8.0.4
oracle financial_services_regulatory_reporting_for_european_banking_authority 8.0.6
oracle financial_services_regulatory_reporting_for_european_banking_authority 8.0.7
oracle financial_services_regulatory_reporting_for_us_federal_reserve *
oracle financial_services_retail_customer_analytics *
oracle financial_services_retail_performance_analytics 8.0.6
oracle financial_services_retail_performance_analytics 8.0.7
oracle financial_services_revenue_management_and_billing 2.4.0.0
oracle financial_services_revenue_management_and_billing 2.4.0.1
oracle fusion_middleware_mapviewer 12.2.1.3.0
oracle healthcare_foundation 7.1.1
oracle healthcare_foundation 7.2.0
oracle healthcare_foundation 7.2.2
oracle healthcare_foundation 7.3.0
oracle healthcare_translational_research 3.1.0
oracle healthcare_translational_research 3.2.1
oracle healthcare_translational_research 3.3.1
oracle healthcare_translational_research 3.3.2
oracle healthcare_translational_research 3.4.0
oracle hospitality_guest_access 4.2.0
oracle hospitality_guest_access 4.2.1
oracle hospitality_materials_control 18.1
oracle hospitality_simphony *
oracle hospitality_simphony 18.1
oracle hospitality_simphony 18.2
oracle identity_manager 12.2.1.3.0
oracle insurance_accounting_analyzer 8.0.9
oracle insurance_allocation_manager_for_enterprise_profitability 8.0.8
oracle insurance_allocation_manager_for_enterprise_profitability 8.1.0
oracle insurance_data_foundation *
oracle insurance_ifrs_17_analyzer 8.0.6
oracle insurance_ifrs_17_analyzer 8.0.7
oracle insurance_insbridge_rating_and_underwriting *
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
oracle insurance_performance_insight 8.0.7
oracle jd_edwards_enterpriseone_tools 9.2
oracle jdeveloper 11.1.1.9.0
oracle jdeveloper 12.2.1.3.0
oracle jdeveloper 12.2.1.4.0
oracle jdeveloper_and_adf 11.1.1.9.0
oracle jdeveloper_and_adf 12.1.3.0.0
oracle jdeveloper_and_adf 12.2.1.3.0
oracle knowledge *
oracle peoplesoft_enterprise_peopletools 8.55
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle policy_automation *
oracle policy_automation 10.4.7
oracle policy_automation 12.1.0
oracle policy_automation 12.1.1
oracle policy_automation_connector_for_siebel 10.4.6
oracle policy_automation_for_mobile_devices *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 15.2.18
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle real-time_scheduler *
oracle rest_data_services 11.2.0.4
oracle rest_data_services 12.1.0.2
oracle rest_data_services 12.2.0.1
oracle rest_data_services 18c
oracle rest_data_services 19c
oracle retail_back_office 14.0
oracle retail_back_office 14.1
oracle retail_central_office 14.0
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_customer_management_and_segmentation_foundation 18.0
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle retail_point-of-service 14.0
oracle retail_point-of-service 14.1
oracle retail_returns_management 14.0
oracle retail_returns_management 14.1
oracle service_bus 11.1.1.9.0
oracle service_bus 12.1.3.0.0
oracle service_bus 12.2.1.3.0
oracle siebel_mobile_applications *
oracle siebel_ui_framework 20.8
oracle storagetek_tape_analytics_sw_tool 2.3.0
oracle system_utilities 19.1
oracle tape_library_acsls 8.5
oracle tape_library_acsls 8.5.1
oracle transportation_management 1.4.3
oracle utilities_mobile_workforce_management *
oracle webcenter_sites 12.2.1.3.0
oracle weblogic_server 10.3.6.0.0
oracle weblogic_server 12.1.3.0.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0
joomla joomla\! *
juniper junos 21.2


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:jquery:jquery:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D2D193C7-2259-492F-8B85-E74C57A7426A",
              "versionEndExcluding": "3.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC5AB839-4DAC-45E7-9D0B-B528F6D12043",
              "versionEndExcluding": "7.66",
              "versionStartIncluding": "7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9106BF81-B898-4EB0-B63C-9919D3B22260",
              "versionEndExcluding": "8.5.15",
              "versionStartIncluding": "8.5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B37281E-9B44-42A5-AE0A-17CE6770995C",
              "versionEndExcluding": "8.6.15",
              "versionStartIncluding": "8.6.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E75C32CE-3FA9-4DC2-A22A-4A841D4911EB",
              "versionEndExcluding": "1.11.9",
              "versionStartIncluding": "1.11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:backdropcms:backdrop:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F204D6-2C8A-4517-8E3C-328ED0D9D3E4",
              "versionEndExcluding": "1.12.6",
              "versionStartIncluding": "1.12.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:28:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC1BD7B7-6D88-42B8-878E-F1318CA5FCAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:opensuse:backports_sle:15.0:sp1:*:*:*:*:*:*",
              "matchCriteriaId": "40513095-7E6E-46B3-B604-C926F1BA3568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_system_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9273745-6408-4CD3-94E8-9385D4F5FE69",
              "versionEndIncluding": "3.1.3",
              "versionStartIncluding": "3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:cloudforms:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "04AC556D-D511-4C4C-B9FB-A089BB2FEFD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_manager:4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FA1A18F-D997-4121-A01B-FD9B3BF266CF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "230E2167-9107-4994-8328-295575E17DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A079FD6E-3BB0-4997-9A8E-6F8FEC89887A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "900D2344-5160-42A0-8C49-36DBC7FF3D87",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_express:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "90CFEC52-A574-493E-A2AC-0EC21851BBFA",
              "versionEndExcluding": "19.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_service_level_management:13.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3665B8A2-1F1A-490F-B01D-5B3455A6A539",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_service_level_management:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8577D60-A711-493D-9246-E49D0E2B07E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E5BC0B6-0C66-4FC5-81F0-6AC9BEC0813E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C784CEE8-F071-4583-A72D-F46C7C95FEC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_collections:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "660DB443-6250-4956-ABD1-C6A522B8DCCA",
              "versionEndIncluding": "2.8.0",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39",
              "versionEndIncluding": "2.10.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bi_publisher:5.5.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5CD806C1-CC17-47BD-8BB0-9430C4253BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC56004-4497-4CDD-AE76-5E3DFAE170F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:bi_publisher:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "274A0CF5-41E8-42E0-9931-F7372A65B9C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4C38FF-B75B-4DF1-BFB3-C91BDD10D90E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_analytics:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "55D98C27-734F-490B-92D5-251805C841B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.8m0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B796AC70-A220-48D8-B8CD-97CF57227962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7231AF76-3D46-41C4-83E9-6E9E12940BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
              "versionEndIncluding": "16.4.0",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E16A16E-BFA3-4D17-9B4E-B42ADE725356",
              "versionEndIncluding": "6.4",
              "versionStartIncluding": "6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9264AF8A-3819-40E5-BBCB-3B6C95A0D828",
              "versionEndIncluding": "4.3",
              "versionStartIncluding": "4.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D52F557F-D0A0-43D3-85F1-F10B6EBFAEDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3517A27-E6EE-497C-9996-F78171BBE90F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_operations_monitor:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C3CE8D5-6404-4CEB-953E-7B7961BC14D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0D177F6-25D9-4696-8528-3F57D91BAC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "726DB59B-00C7-444E-83F7-CB31032482AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:diagnostic_assistant:2.12.36:*:*:*:*:*:*:*",
              "matchCriteriaId": "80B6D265-9D72-45C3-AA2C-5B186E23CDAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_session_border_controller:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "7015A8CB-8FA6-423E-8307-BD903244F517",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5BC32AA-78BE-468B-B92A-5A0FFFA970FA",
              "versionEndIncluding": "7.3.5",
              "versionStartIncluding": "7.3.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA699B16-5100-4485-9BB7-85B247743B17",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E00BA1-E643-45D9-97D3-EF12C29DB262",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_reconciliation_framework:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ACA29E6-F393-46E5-B2B3-9158077819A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "703DA91D-3440-4C67-AA20-78F71B1376DD",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_asset_liability_management:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "39B8DFFF-B037-4F29-8C8E-F4BBC3435199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_balance_sheet_planning:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D0D0EAC-300D-44B1-AD4A-93A368D5DBA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB2A0EB-E1C7-4206-8E64-D2EE77C1CD86",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_basic:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A566893-8DCF-49E4-93D0-0ACCEFD70D3D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A180039F-22C3-458E-967D-E07C61C69FAF",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_basel_regulatory_capital_internal_ratings_based_approach:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E5D719-249D-48B8-BAFC-1E14D250B3F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_data_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C5F6B8C-2044-4E68-98BD-37B0CD108434",
              "versionEndIncluding": "8.0.8",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_data_governance_for_us_regulatory_reporting:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "672949B4-1989-4AA7-806F-EEC07D07F317",
              "versionEndIncluding": "8.0.9",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73E05211-8415-42FB-9B93-959EB03B090B",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_data_integration_hub:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9476D1DA-C8A8-40A0-94DD-9B46C05FD461",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DEE0A37-6B9A-43FE-B3E0-8AB5CA368425",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_enterprise_financial_performance_analytics:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF6A5433-A7D9-4521-9D28-E7684FB76E5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AC15899F-8528-4D10-8CD5-F67121D7F293",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_funds_transfer_pricing:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F727AAC6-6D9F-4B28-B07C-6A93916C43A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30657F1B-D1FC-4EE6-9854-18993294A01D",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_hedge_management_and_ifrs_valuations:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C17460-D326-4525-A7D1-0AED53E75E18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30F0991A-8507-48C4-9A8E-DE5B28C46A99",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00ED7CB0-96F7-4089-9047-A3AC241139C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "005E458D-4059-4E20-A620-B25DEBCE40C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "74008AEE-589F-423E-8D77-EA54C36D776A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD85DB06-692F-4E81-BEB7-1E41B438D1FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_management:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6149C89E-0111-4CF9-90CA-0662D2F75E04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CDDF6CA-6441-4606-9D2F-22A67BA46978",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA0B592-A216-4320-A4FE-ABCA6B3E7D7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_liquidity_risk_measurement_and_management:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEA4D6CF-D54A-40DF-9B70-E13392D0BE19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6C521C-F104-4E26-82F2-6F63F94108BC",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_loan_loss_forecasting_and_provisioning:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "397B1A24-7C95-4A73-8363-4529A7F6CFCC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "402B8642-7ACC-4F42-87A9-AB4D3B581751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF6D5112-4055-4F89-A5B3-0DCB109481B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_market_risk_measurement_and_management:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "D262848E-AA24-4057-A747-6221BA22ADF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2163B848-D684-4B17-969A-36E0866C5749",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "00615085-65B2-4211-A766-551842B3356F",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_profitability_management:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8E565DA-91BE-44FC-A28F-579BE8D2281A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_de_nederlandsche_bank:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "51DB64CA-8953-43BB-AEA9-D0D7E91E9FE3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "669BA301-4D29-4692-823B-CDEDD2A5BD18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_european_banking_authority:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "419559E6-5441-4335-8FE1-6ADAAD9355DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_for_us_federal_reserve:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "036E4450-53C6-4322-9C7D-91DA94C9A3C9",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "89C26226-A3CF-4D36-BBDA-80E298E0A51F",
              "versionEndIncluding": "8.0.6",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F67D1332-621E-4756-B205-97A5CF670A19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_performance_analytics:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "6748C867-0A52-452B-B4D6-DA80396F4152",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A64B5C4C-DF69-4292-A534-EDC5955CDDAE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_revenue_management_and_billing:2.4.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7141C66-0384-4BA1-A788-91DEB7EF1361",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware_mapviewer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "06E586B3-3434-4B08-8BE3-16C528642CA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "26A1F27B-C3AC-4D13-B9B2-2D6CF65D07BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B95E8056-51D8-4390-ADE3-661B7AE1D7CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EFC8DAB-E5D8-420C-B800-08F8C5BF3F4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9059A907-508B-4844-8D7B-0FA68C0DF6A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5ACB1D2-69CE-4B7D-9B51-D8F80E541631",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1F726C6-EA5A-40FF-8809-4F48E4AE6976",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD7C26E3-BB0D-4218-8176-319AEA2925C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD67072F-3CFC-480D-9360-81A05D523318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:3.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "652E762A-BCDD-451E-9DE3-F1555C1E4B16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_materials_control:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC63D10-2326-4542-B345-31D45B9A7408",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_simphony:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BFD7783-BE15-421C-A550-7FE15AB53ABF",
              "versionEndIncluding": "19.1.2",
              "versionStartIncluding": "19.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F7BF047-03C5-4A60-B718-E222B16DBF41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_simphony:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3A73D81-3E1A-42E6-AB96-835CDD5905F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA10CA55-C155-4DAD-A109-87A80116F1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_accounting_analyzer:8.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "66136D6D-FC52-40DB-B7B6-BA8B7758CE16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "06514F46-544B-4404-B45C-C9584EBC3131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_allocation_manager_for_enterprise_profitability:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD4BF9A-BF38-460D-974D-5B3255AAF946",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_data_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "92D538A5-819D-4DF7-85FE-4D4EB6E230E0",
              "versionEndIncluding": "8.0.7",
              "versionStartIncluding": "8.0.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDA3A88-002B-4700-9277-3187C0A3E4B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_ifrs_17_analyzer:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE886BC5-F807-4627-8233-2290817FE205",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B47C73D0-BE89-4D87-8765-12C507F13AFF",
              "versionEndIncluding": "5.6.0.0",
              "versionStartIncluding": "5.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_performance_insight:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B5D7DB-C70E-4926-819F-E39B79F4D0C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdeveloper:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7506589-9B3B-49BA-B826-774BFDCC45B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "228DA523-4D6D-48C5-BDB0-DB1A60F23F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37EB4A1D-A875-46B7-BEB0-694D1F400CF7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2233F287-6B9F-4C8A-A724-959DD3AD29AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdeveloper_and_adf:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2381FAB6-8D36-4389-98E4-74F3462654BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:knowledge:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9E587602-BA7D-4087-BE29-ACE0B01BD590",
              "versionEndIncluding": "8.6.3",
              "versionStartIncluding": "8.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "84668F58-6511-4E53-8213-13B440F454C1",
              "versionEndIncluding": "12.2.15",
              "versionStartIncluding": "12.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation:10.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8B3B57-73D6-4402-987F-8AE723D52F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "62BF043E-BCB9-433D-BA09-7357853EE127",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation:12.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F26FB80-F541-4B59-AC3C-633F49388B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation_connector_for_siebel:10.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB5E2C7-9C68-4D3B-95AD-9CBF65DE1E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12D3B2F0-E9C7-432B-91C6-A6C329A84B78",
              "versionEndIncluding": "12.2.15",
              "versionStartIncluding": "12.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
              "versionEndIncluding": "16.2.11",
              "versionStartIncluding": "16.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E4AA3854-C9FD-4287-85A0-EE7907D1E1ED",
              "versionEndIncluding": "17.12.7",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8CD4002-F310-4BE4-AF7B-4BCCB17DA6FF",
              "versionEndIncluding": "18.8.9",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69112C56-7747-4E11-A938-85A481529F58",
              "versionEndIncluding": "19.12.4",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9E628E7-6CC5-418C-939F-8EEA69B222A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:real-time_scheduler:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "99579D88-27C0-4B93-B2F4-69B6781BC4BD",
              "versionEndIncluding": "2.3.0.3",
              "versionStartIncluding": "2.3.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:11.2.0.4:*:*:*:-:*:*:*",
              "matchCriteriaId": "36FC547E-861A-418C-A314-DA09A457B13A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:12.1.0.2:*:*:*:-:*:*:*",
              "matchCriteriaId": "DF9FEE51-50E3-41E9-AA0D-272A640F85CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:12.2.0.1:*:*:*:-:*:*:*",
              "matchCriteriaId": "E69E905F-2E1A-4462-9082-FF7B10474496",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:18c:*:*:*:-:*:*:*",
              "matchCriteriaId": "0F9B692C-8986-4F91-9EF4-2BB1E3B5C133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rest_data_services:19c:*:*:*:-:*:*:*",
              "matchCriteriaId": "C5F4C40E-3ABC-4C59-B226-224262DCFF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_bus:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E2B6C75-3EB5-4BCE-B5D1-39DD3DE94139",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_bus:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "70BEF219-45EC-4A53-A815-42FBE20FC300",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_bus:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EA2023A-1AD6-41FE-A214-9D1F6021D6B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_mobile_applications:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AA4E307-D5FA-461D-9809-BDD123AE7B74",
              "versionEndIncluding": "19.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:20.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "98B9198C-11DF-4E80-ACFC-DC719CED8C7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "587EE4F3-E7AC-4A69-9476-0E71E75EE7A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:system_utilities:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7961BBD-6411-4D32-947D-3940221C235B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "162C6FD9-AEC2-4EBA-A163-3054840B8ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6879D52-A44E-4DF8-8A3A-3613822EB469",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:transportation_management:1.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AAF89C1-AAC2-449C-90C1-895F5F8843B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_mobile_workforce_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F2D3FA0-BD9D-4828-AE36-1CE43D9B07D1",
              "versionEndIncluding": "2.3.0.3",
              "versionStartIncluding": "2.3.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C63557DE-E65B-46F4-99C4-247EACCB7BBA",
              "versionEndIncluding": "3.9.4",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:juniper:junos:21.2:-:*:*:*:*:*:*",
              "matchCriteriaId": "216E7DDE-453D-481F-92E2-9F8466CDDA3F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
    },
    {
      "lang": "es",
      "value": "jQuery, en versiones anteriores a 3.4.0, como es usado en Drupal, Backdrop CMS, y otros productos, maneja mal jQuery.extend(true, {}, ...) debido a la contaminaci\u00f3n de Object.prototype. Si un objeto fuente no sanitizado conten\u00eda una propiedad enumerable __proto__, podr\u00eda extender el Object.prototype nativo."
    }
  ],
  "id": "CVE-2019-11358",
  "lastModified": "2024-11-21T04:20:56.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-04-20T00:29:00.247",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/10"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/11"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/13"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108023"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:1570"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1456"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2587"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3023"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3024"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jquery/jquery/pull/4333"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Apr/32"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/May/18"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4434"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.drupal.org/sa-core-2019-006"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-08"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2020-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2019/May/13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/108023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHBA-2019:1570"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:1456"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2587"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3023"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/jquery/jquery/pull/4333"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Apr/32"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/Jun/12"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2019/May/18"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4434"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4460"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.drupal.org/sa-core-2019-006"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2020-02"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-1321"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-02-27 23:29
Modified
2024-11-21 04:36
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttp://www.securityfocus.com/bid/107174Third Party Advisory, VDB Entry
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:2304Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:2437Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:2439Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:2471Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:3929Third Party Advisory
openssl-security@openssl.orghttps://access.redhat.com/errata/RHSA-2019:3931Third Party Advisory
openssl-security@openssl.orghttps://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
openssl-security@openssl.orghttps://kc.mcafee.com/corporate/index?page=content&id=SB10282Third Party Advisory
openssl-security@openssl.orghttps://lists.debian.org/debian-lts-announce/2019/03/msg00003.htmlMailing List, Third Party Advisory
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
openssl-security@openssl.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
openssl-security@openssl.orghttps://security.gentoo.org/glsa/201903-10Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20190301-0001/Patch, Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20190301-0002/Broken Link, Third Party Advisory
openssl-security@openssl.orghttps://security.netapp.com/advisory/ntap-20190423-0002/Third Party Advisory
openssl-security@openssl.orghttps://support.f5.com/csp/article/K18549143Third Party Advisory
openssl-security@openssl.orghttps://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS
openssl-security@openssl.orghttps://usn.ubuntu.com/3899-1/Third Party Advisory
openssl-security@openssl.orghttps://usn.ubuntu.com/4376-2/Broken Link
openssl-security@openssl.orghttps://www.debian.org/security/2019/dsa-4400Third Party Advisory
openssl-security@openssl.orghttps://www.openssl.org/news/secadv/20190226.txtVendor Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2019-02Patch, Third Party Advisory
openssl-security@openssl.orghttps://www.tenable.com/security/tns-2019-03Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107174Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2304Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2437Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2439Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2471Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3929Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3931Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e
af854a3a-2127-422b-91ae-364da2661108https://kc.mcafee.com/corporate/index?page=content&id=SB10282Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2019/03/msg00003.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201903-10Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190301-0001/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190301-0002/Broken Link, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190423-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K18549143Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSS
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/3899-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4376-2/Broken Link
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2019/dsa-4400Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.openssl.org/news/secadv/20190226.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2019-02Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2019-03Third Party Advisory
Impacted products
Vendor Product Version
openssl openssl *
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 18.10
debian debian_linux 8.0
debian debian_linux 9.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager -
netapp altavault -
netapp cloud_backup -
netapp clustered_data_ontap_antivirus_connector -
netapp element_software -
netapp hci_management_node -
netapp hyper_converged_infrastructure -
netapp oncommand_insight -
netapp oncommand_unified_manager -
netapp oncommand_unified_manager -
netapp oncommand_unified_manager_core_package -
netapp oncommand_workflow_automation -
netapp ontap_select_deploy -
netapp ontap_select_deploy_administration_utility -
netapp santricity_smi-s_provider -
netapp service_processor -
netapp smi-s_provider -
netapp snapcenter -
netapp snapdrive -
netapp snapdrive -
netapp snapprotect -
netapp solidfire -
netapp steelstore_cloud_integrated_storage -
netapp storage_automation_store -
netapp storagegrid *
netapp storagegrid -
netapp hci_compute_node -
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_access_policy_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_advanced_firewall_manager *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_analytics *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_acceleration_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_application_security_manager *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_domain_name_system *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_edge_gateway *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_fraud_protection_service *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_global_traffic_manager *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_link_controller *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_local_traffic_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_policy_enforcement_manager *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-ip_webaccelerator *
f5 big-iq_centralized_management *
f5 big-iq_centralized_management *
f5 traffix_signaling_delivery_controller *
f5 traffix_signaling_delivery_controller 4.4.0
tenable nessus *
opensuse leap 15.0
opensuse leap 15.1
opensuse leap 42.3
netapp cn1610_firmware -
netapp cn1610 -
netapp a320_firmware -
netapp a320 -
netapp c190_firmware -
netapp c190 -
netapp a220_firmware -
netapp a220 -
netapp fas2720_firmware -
netapp fas2720 -
netapp fas2750_firmware -
netapp fas2750 -
netapp a800_firmware -
netapp a800 -
fedoraproject fedora 29
fedoraproject fedora 30
fedoraproject fedora 31
mcafee agent *
mcafee data_exchange_layer *
mcafee threat_intelligence_exchange_server *
mcafee web_gateway *
redhat jboss_enterprise_web_server 5.0.0
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat enterprise_linux 8.0
redhat virtualization 4.0
redhat virtualization_host 4.0
redhat enterprise_linux 7.0
redhat enterprise_linux_desktop 6.0
redhat enterprise_linux_desktop 7.0
redhat enterprise_linux_server 6.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_workstation 7.0
oracle api_gateway 11.1.2.4.0
oracle business_intelligence 11.1.1.9.0
oracle business_intelligence 12.2.1.3.0
oracle business_intelligence 12.2.1.4.0
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.3
oracle communications_diameter_signaling_router 8.4
oracle communications_performance_intelligence_center 10.4.0.2
oracle communications_session_border_controller 7.4
oracle communications_session_border_controller 8.0.0
oracle communications_session_border_controller 8.1.0
oracle communications_session_border_controller 8.2
oracle communications_session_border_controller 8.3
oracle communications_session_router 7.4
oracle communications_session_router 8.0
oracle communications_session_router 8.1
oracle communications_session_router 8.2
oracle communications_session_router 8.3
oracle communications_unified_session_manager 7.3.5
oracle communications_unified_session_manager 8.2.5
oracle endeca_server 7.7.0
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle enterprise_manager_ops_center 12.3.3
oracle enterprise_manager_ops_center 12.4.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle jd_edwards_world_security a9.3
oracle jd_edwards_world_security a9.3.1
oracle jd_edwards_world_security a9.4
oracle mysql *
oracle mysql *
oracle mysql *
oracle mysql_enterprise_monitor *
oracle mysql_enterprise_monitor *
oracle mysql_workbench *
oracle peoplesoft_enterprise_peopletools 8.55
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
oracle secure_global_desktop 5.4
oracle services_tools_bundle 19.2
paloaltonetworks pan-os *
paloaltonetworks pan-os *
paloaltonetworks pan-os *
paloaltonetworks pan-os *
nodejs node.js *
nodejs node.js *
nodejs node.js *
nodejs node.js *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FB0EC34-4625-4B2A-8AB9-0764D9D9E6BC",
              "versionEndExcluding": "1.0.2r",
              "versionStartIncluding": "1.0.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "07C312A0-CD2C-4B9C-B064-6409B25C278F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:altavault:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E878102-1EA0-4D83-9F36-955DCF902211",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "62347994-1353-497C-9C4A-D5D8D95F67E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:element_software:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "85DF4B3F-4BBC-42B7-B729-096934523D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hci_management_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3C19813-E823-456A-B1CE-EC0684CE1953",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:hyper_converged_infrastructure:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "893C0367-DD1A-4754-B9E0-4944344108EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "C18CA4B5-28FD-4199-B1F0-B1E59E920370",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:-:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "EB2FB857-5F1F-46E5-A90C-AFB990BF1660",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager_core_package:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A4D418D-B526-46B9-B439-E1963BF88C0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E968916-8CE0-4165-851F-14E37ECEA948",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:ontap_select_deploy_administration_utility:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7CF3019-975D-40BB-A8A4-894E62BD3797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "361B791A-D336-4431-8F68-8135BEFFAEA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:service_processor:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "146A767F-DC04-454B-9913-17D3A2B5AAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4BB0FDCF-3750-44C6-AC5C-0CC2AAD14093",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:unix:*:*",
              "matchCriteriaId": "61D7EF01-F618-497F-9375-8003CEA3D380",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapdrive:-:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BEDE62C6-D571-4AF8-B85E-CBBCE4AF98B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapprotect:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F74F467A-0C81-40D9-BA06-40FB8EF02C04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:solidfire:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6E9EF0C-AFA8-4F7B-9FDC-1E0F7C26E737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D239B58A-9386-443D-B579-B56AE2A500BC",
              "versionEndIncluding": "9.0.4",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:h:netapp:hci_compute_node:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7447BC-F315-4298-A822-549942FC118B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C3B5688-0235-4D4F-A26C-440FF24A1B43",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "706316DC-8C24-4D9E-B7B4-F62CB52106B8",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCBAF5C1-3761-47BB-AD8E-A55A64D33AF3",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_access_policy_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFBB9E7C-08D1-4B30-AD3B-CADBF30D756B",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "151ED6D1-AA85-4213-8F3A-8167CBEC4721",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFA83D61-1A50-47F5-B9BE-15D672A6DDAD",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "925049D0-082E-4CED-9996-A55620A220CF",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_advanced_firewall_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "830028B5-9BAF-439C-8166-1053C0CB9836",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D5AA99B-08E7-4959-A3B4-41AA527B4B22",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "22C64069-68D1-445F-B20D-FD1FF8DB0F71",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D87C038-B96D-4EA8-AB03-0401B2C9BB24",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC2A57-030F-4A13-B584-BE2627EA3FE7",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DC86A5F-C793-4848-901F-04BFB57A07F6",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CE03A8F-DAE1-4923-9741-DC89FA8A6FD8",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "037C035C-9CFC-4224-8264-6132252D11FD",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_acceleration_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD91F1A1-67F5-4547-848B-21664A9CC685",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E5552A3-91CD-4B97-AD33-4F1FB4C8827A",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7E616EB-F2F9-43BF-A23D-8FD0650DA85B",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE66A673-75EF-4AB3-AD4D-A1E70C7EFB08",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_application_security_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "10367A28-787A-4FAB-80AD-ADD67A751732",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55C2EC23-E78F-4447-BACF-21FC36ABF155",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "180D2770-61F3-4CFB-B5FA-1CF1796D4B3E",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "46712630-407A-4E61-B62F-3AB156353A1D",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_domain_name_system:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "21E18EA5-2210-41B1-87B0-55AB16514FE2",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFFCCCFF-8B66-4C8B-A99A-32964855EF98",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D0BD10F-735D-4442-828B-0B90207ABEAD",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "448BB033-AE0F-46A0-8E98-3A6AE36EADAE",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_edge_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC06609D-C362-4214-8487-2278161B5EAD",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "945A19E8-51EB-42FE-9BF1-12DAC78B5286",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2008DD47-CC1D-430F-8478-E90617F5F998",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC39F6EE-478A-4638-B97D-3C25FD318F3D",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_fraud_protection_service:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "317C50A2-FE92-4C78-A94A-062274E6A6A8",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB5007D0-BBDB-4D74-9C88-98FBA74757D1",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "389B6330-3041-4892-97D5-B5A6D9CE1487",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C556587-6963-49CF-8A2B-00431B386D78",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_global_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D748001D-340C-45C4-A2D0-0575538C5CEC",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7725810-66D2-4460-A174-9F3BFAD966F2",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7854954-A9A4-487B-B6C7-8DC1F83F4BD7",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "572B1078-60C4-4A71-A0F4-2E2F4FBC4102",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_link_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0371EB7C-3D41-4B8C-8FA9-DC6F42442448",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFD760FE-4347-4D36-B5C6-4009398060F2",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB7588DA-75D3-4374-8871-D92E95509C91",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C95403E8-A078-47E8-9B2F-F572D24C79EF",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_local_traffic_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C1BC0A8-5868-4FCA-80A5-661C3870EB7D",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65B76F53-7D8B-477E-8B6E-91AC0A9009FF",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E824BD72-428F-4A8D-ABE6-2A45EB9A4E3A",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57A92EE2-FFC9-45C9-9454-7DFAB1F7EE11",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_policy_enforcement_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0585424E-3F74-400E-8199-ED964317F89F",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "69338CB1-B6E2-44E7-BEC1-6B9EAD560C8B",
              "versionEndIncluding": "12.1.5",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A6CF6F4-D68A-45C3-A36E-A8B3AF61367F",
              "versionEndIncluding": "13.1.3",
              "versionStartIncluding": "13.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2ADF37B-FCEB-4735-82D9-4241E3A4DE64",
              "versionEndIncluding": "14.1.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-ip_webaccelerator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7722F39-9B7E-4267-B757-B9570B039323",
              "versionEndIncluding": "15.1.0",
              "versionStartIncluding": "15.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F37D18F2-8C6A-4557-85DC-2A751595423C",
              "versionEndIncluding": "6.1.0",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:big-iq_centralized_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88B0206-093A-4A18-8322-A1CD1D4ACF2A",
              "versionEndIncluding": "7.1.0",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E52F91D-3F39-4D89-8069-EC422FB1F700",
              "versionEndIncluding": "5.1.0",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:f5:traffix_signaling_delivery_controller:4.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D71A781-FBD8-4084-8D9C-00D7B6ECB9A1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:nessus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "427DA624-2397-4A61-A2ED-23F5C22C174E",
              "versionEndIncluding": "8.2.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1E78106-58E6-4D59-990F-75DA575BFAD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:cn1610_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB30733E-68FC-49C4-86C0-7FEE75C366BF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:cn1610:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6361DAC6-600F-4B15-8797-D67F298F46FB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a320_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "6ADE5E80-06D3-4A1B-A655-FBB6CCA03939",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a320:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8FD5E05-3C58-465F-9D4F-ECC2CD78DCFF",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:c190_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "75A43965-CB2E-4C28-AFC3-1ADE7A6B845C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:c190:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D421A96-E6E9-4B27-ADE0-D8E87A82EEDE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a220_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F2D2745-242C-4603-899E-70C9025BDDD2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a220:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "EFB4541D-5EF7-4266-BFF3-2DDEC95E8012",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:fas2720_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FD1DA9-7980-4643-B378-7095892DA176",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:fas2720:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "347E9E3E-941C-4109-B59F-B9BB05486B34",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:fas2750_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD661062-0D5B-4671-9D92-FEF8D7395C1E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:fas2750:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "8155BF5F-DD1B-4AB4-81F8-9BCE6A8821AE",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:netapp:a800_firmware:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "B36CECA5-4545-49C2-92EB-B739407B207F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:netapp:a800:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8E7549A-DE35-4274-B3F6-22D51C7A6613",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:29:*:*:*:*:*:*:*",
              "matchCriteriaId": "D100F7CE-FC64-4CC6-852A-6136D72DA419",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
              "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mcafee:agent:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD9362E-F36F-4820-A29E-5BDDF6AC3ACE",
              "versionEndIncluding": "5.6.4",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:data_exchange_layer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02630E85-191E-4C58-B81B-4DAF93A26856",
              "versionEndExcluding": "6.0.0",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:threat_intelligence_exchange_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "65D5476E-FBF9-474B-87E1-B6459E52736C",
              "versionEndExcluding": "3.0.0",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:mcafee:web_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DDD5E877-978C-4A16-B6C5-41A30D020B54",
              "versionEndExcluding": "9.0.0",
              "versionStartIncluding": "7.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_web_server:5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F04157-FB34-4F22-B328-6BE1F2373DEE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE249E1B-A1FD-4E08-AA71-A0E1F10FFE97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5ED5807-55B7-47C5-97A6-03233F4FBC3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:api_gateway:11.1.2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5553591-073B-45E3-999F-21B8BA2EEE22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:11.1.1.9.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "523CD57C-43D4-4C79-BA00-A9A65C6588E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.3.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "77C3DD16-1D81-40E1-B312-50FBD275507C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:12.2.1.4.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "81DAC8C0-D342-44B5-9432-6B88D389584F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDA8DD5B-8A34-4CB3-B0FB-F82C73B25007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6E5E8B0-EDE5-4FE4-880C-766FAE1EA42C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8EDA23C-7F75-4712-AF3F-B0E3597810B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D139E52-0528-4D05-8502-1AB9AB10CA9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F59AE20-7B9D-47A5-9E0D-A73F4A0E7D34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D4AF039-F3B6-45EB-A87E-8BCCF822AE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B9F6415-2950-49FE-9CAF-8BCA4DB6DF4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_border_controller:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05190B9-237F-4E2E-91EA-DB1B738864AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5D0F0C0-75EB-4685-A4CD-E58D1F2C6FDC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B59717B5-34D5-4C83-904A-884ED30DFC19",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19BA6F25-B88A-42A1-A9E3-2DCF4E8F51A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E28B437-64A8-456C-98A1-4ADF5B6A2F60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_router:8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D705705-0D0D-468B-A140-C9A1B7A6CE6F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "07BB35D4-9CCD-43D3-B482-E0BEB3BF2351",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_session_manager:8.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB468FEE-A0F4-49A0-BBEE-10D0733C87D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_server:7.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB290045-2140-47EE-9BB4-35BAE8F1599C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37209C6F-EF99-4D21-9608-B3A06D283D24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83800E2F-804C-485D-A8FA-F4B32CDB4548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "60BEB1C6-C279-4BB0-972C-BE28A6605C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_world_security:a9.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1CAD50-749F-4ADB-A046-BF3585677A58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C637AC8A-F5F7-447E-A7F6-D6BA7AB45DF9",
              "versionEndIncluding": "5.6.43",
              "versionStartIncluding": "5.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA988288-7D0C-4ADE-BE61-484D2D555A8A",
              "versionEndIncluding": "5.7.25",
              "versionStartIncluding": "5.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E106D13-CBF8-4A2C-8E89-A66C6EF5D408",
              "versionEndIncluding": "8.0.15",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFBC7A65-3C0B-4B17-B087-250E69EE5B12",
              "versionEndIncluding": "4.0.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A443D73A-63BE-4D1F-B605-0F7D20915518",
              "versionEndIncluding": "8.0.14",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "71CD99E7-3FE7-42E2-B480-7AA0E543340E",
              "versionEndIncluding": "8.0.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.55:*:*:*:*:*:*:*",
              "matchCriteriaId": "45CB30A1-B2C9-4BF5-B510-1F2F18B60C64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5265C91-FF5C-4451-A7C2-D388A65ACFA2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:services_tools_bundle:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "62DAD71E-A6D5-4CA9-A016-100F2D5114A6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F457852F-D998-4BCF-99FE-09C6DFC8851A",
              "versionEndExcluding": "7.1.15",
              "versionStartIncluding": "7.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACA311D7-0ADC-497A-8A47-5AB864F201DE",
              "versionEndExcluding": "8.0.20",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F57DBD8-DCA7-43FB-AC9E-6BDBB3EBE500",
              "versionEndExcluding": "8.1.8",
              "versionStartIncluding": "8.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:paloaltonetworks:pan-os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1987BB-8F42-48F0-8FE2-70ABD689F434",
              "versionEndExcluding": "9.0.2",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "D107EC29-67E7-40C3-8E5A-324C9105C5E4",
              "versionEndIncluding": "6.8.1",
              "versionStartIncluding": "6.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "FD2FB20C-EC88-4CD3-BC6E-1E65FAFADC36",
              "versionEndExcluding": "6.17.0",
              "versionStartIncluding": "6.9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:-:*:*:*",
              "matchCriteriaId": "74FB695D-2C76-47AB-988E-5629D2E695E5",
              "versionEndIncluding": "8.8.1",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nodejs:node.js:*:*:*:*:lts:*:*:*",
              "matchCriteriaId": "A94F4836-1873-43F4-916E-9D9B302A053A",
              "versionEndExcluding": "8.15.1",
              "versionStartIncluding": "8.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
    },
    {
      "lang": "es",
      "value": "Si una aplicaci\u00f3n encuentra un error de protocolo \"fatal\" y llama a SSL_shutdown() dos veces (una vez para enviar un close_notify y otra vez para recibir uno de \u00e9stos), posteriormente OpenSLL puede responder de manera diferente a la aplicaci\u00f3n llamante si un registro de 0 byte se recibe con un relleno inv\u00e1lido, comparado con si un registro de 0 bytes se recibe con un MAC inv\u00e1lido."
    }
  ],
  "id": "CVE-2019-1559",
  "lastModified": "2024-11-21T04:36:48.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-02-27T23:29:00.277",
  "references": [
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107174"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2304"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2437"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2439"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2471"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3929"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3931"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-10"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K18549143"
    },
    {
      "source": "openssl-security@openssl.org",
      "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3899-1/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://usn.ubuntu.com/4376-2/"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4400"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20190226.txt"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-02"
    },
    {
      "source": "openssl-security@openssl.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107174"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2304"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2437"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2439"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2471"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3929"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3931"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201903-10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.f5.com/csp/article/K18549143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/3899-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://usn.ubuntu.com/4376-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2019/dsa-4400"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.openssl.org/news/secadv/20190226.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2019-03"
    }
  ],
  "sourceIdentifier": "openssl-security@openssl.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-203"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-19 15:15
Modified
2024-11-21 06:14
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
References
reefs@jfrog.comhttps://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363Third Party Advisory
reefs@jfrog.comhttps://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E
reefs@jfrog.comhttps://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E
reefs@jfrog.comhttps://lists.debian.org/debian-lts-announce/2023/01/msg00008.htmlMailing List, Third Party Advisory
reefs@jfrog.comhttps://security.netapp.com/advisory/ntap-20220210-0012/Third Party Advisory
reefs@jfrog.comhttps://www.debian.org/security/2023/dsa-5316Third Party Advisory
reefs@jfrog.comhttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
reefs@jfrog.comhttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
reefs@jfrog.comhttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2023/01/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220210-0012/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2023/dsa-5316Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
netty netty *
oracle banking_apis *
oracle banking_apis 19.1
oracle banking_apis 19.2
oracle banking_apis 20.1
oracle banking_apis 21.1
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_digital_experience 21.1
oracle commerce_guided_search 11.3.2
oracle communications_brm_-_elastic_charging_engine *
oracle communications_brm_-_elastic_charging_engine 12.0.0.5.0
oracle communications_cloud_native_core_binding_support_function 1.10.0
oracle communications_diameter_signaling_router *
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
quarkus quarkus *
netapp oncommand_insight -
debian debian_linux 10.0
debian debian_linux 11.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netty:netty:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF41DE29-2A17-4085-9F00-811E461E36EC",
              "versionEndExcluding": "4.1.68",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DF2D056-3118-4C31-BEDD-69F016898CBB",
              "versionEndIncluding": "18.3",
              "versionStartIncluding": "18.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B",
              "versionEndExcluding": "12.0.0.4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD66C717-85E0-40E7-A51F-549C8196D557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B6B6FE82-7BFA-481D-99D6-789B146CA18B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
              "versionEndIncluding": "8.5.0.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:quarkus:quarkus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6677F86F-5933-460E-B978-23A4C1407CB0",
              "versionEndExcluding": "2.2.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The Snappy frame decoder function doesn\u0027t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n Snappy frame decoder no restringe la longitud de los trozos, lo que puede conllevar a un uso excesivo de memoria. Adem\u00e1s, tambi\u00e9n puede almacenar en el b\u00fafer trozos omitibles reservados hasta que se reciba el trozo completo, lo que tambi\u00e9n puede conllevar a un uso excesivo de memoria. Esta vulnerabilidad puede desencadenarse al suministrar una entrada maliciosa que se descomprime a un tama\u00f1o muy grande (por medio de un flujo de red o un archivo) o mediante el env\u00edo de un trozo omitido enorme"
    }
  ],
  "id": "CVE-2021-37137",
  "lastModified": "2024-11-21T06:14:43.073",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-19T15:15:07.757",
  "references": [
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5316"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "reefs@jfrog.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2023/dsa-5316"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "reefs@jfrog.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "reefs@jfrog.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-02 04:15
Modified
2024-11-21 05:40
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2634Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2634Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
debian debian_linux 8.0
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle global_lifecycle_management_opatch *
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F87CF67-6994-43F1-BEC3-DD7D122D0146",
              "versionEndExcluding": "2.7.9.7",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04F30C23-46F8-4F58-807B-002C5E96B7F7",
              "versionEndExcluding": "2.8.11.6",
              "versionStartIncluding": "2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E281E-977E-4195-B131-B7C7A2933B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4,  maneja inapropiadamente la interacci\u00f3n entre la serializaci\u00f3n de gadgets y el tipeo, relacionada a br.com.anteros.dbcp.AnterosDBCPConfig (tambi\u00e9n se conoce como anteros-core)."
    }
  ],
  "id": "CVE-2020-9548",
  "lastModified": "2024-11-21T05:40:50.670",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-02T04:15:11.077",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-10-18 22:29
Modified
2024-11-21 03:51
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
References
security_alert@emc.comhttp://www.securityfocus.com/bid/105703Third Party Advisory, VDB Entry, URL Repurposed
security_alert@emc.comhttps://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlMailing List, Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-15756Vendor Advisory
security_alert@emc.comhttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlNot Applicable, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlThird Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/105703Third Party Advisory, VDB Entry, URL Repurposed
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-15756Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlNot Applicable, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
vmware spring_framework 5.1.0
oracle agile_plm 9.3.3
oracle agile_plm 9.3.4
oracle agile_plm 9.3.5
oracle agile_plm 9.3.6
oracle communications_brm_-_elastic_charging_engine 11.3
oracle communications_brm_-_elastic_charging_engine 12.0
oracle communications_converged_application_server_-_service_controller 6.0
oracle communications_converged_application_server_-_service_controller 6.1
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.2.1
oracle communications_element_manager 8.1.1
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.2.1
oracle communications_online_mediation_controller 6.1
oracle communications_session_report_manager 8.0.0
oracle communications_session_report_manager 8.1.0
oracle communications_session_report_manager 8.1.1
oracle communications_session_report_manager 8.2.0
oracle communications_session_report_manager 8.2.1
oracle communications_session_route_manager 8.0.0
oracle communications_session_route_manager 8.1.0
oracle communications_session_route_manager 8.1.1
oracle communications_session_route_manager 8.2.0
oracle communications_session_route_manager 8.2.1
oracle communications_unified_inventory_management 7.3
oracle communications_unified_inventory_management 7.4.0
oracle endeca_information_discovery_integrator 3.2.0
oracle enterprise_manager_for_fusion_applications 13.3.0.0
oracle enterprise_manager_ops_center 12.3.3
oracle financial_services_analytical_applications_infrastructure *
oracle flexcube_private_banking 12.0.1
oracle flexcube_private_banking 12.0.3
oracle flexcube_private_banking 12.1.0
oracle goldengate_application_adapters 12.3.2.1.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0.2
oracle identity_manager_connector 9.0
oracle insurance_calculation_engine 9.7
oracle insurance_calculation_engine 10.0
oracle insurance_calculation_engine 10.1
oracle insurance_calculation_engine 10.2
oracle insurance_policy_administration_j2ee 10.0
oracle insurance_policy_administration_j2ee 10.1
oracle insurance_policy_administration_j2ee 10.2
oracle insurance_policy_administration_j2ee 10.2.0
oracle insurance_policy_administration_j2ee 10.2.4
oracle insurance_policy_administration_j2ee 11.0
oracle insurance_policy_administration_j2ee 11.1.0
oracle insurance_policy_administration_j2ee 11.2.0
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.1
oracle insurance_rules_palette 10.2
oracle insurance_rules_palette 10.2.0
oracle insurance_rules_palette 10.2.4
oracle insurance_rules_palette 11.0
oracle insurance_rules_palette 11.0.2
oracle insurance_rules_palette 11.1.0
oracle insurance_rules_palette 11.2.0
oracle mysql_enterprise_monitor *
oracle mysql_enterprise_monitor *
oracle primavera_analytics 18.8
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle primavera_gateway 18.8.0
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle retail_advanced_inventory_planning 15.0
oracle retail_assortment_planning 15.0
oracle retail_assortment_planning 16.0
oracle retail_clearance_optimization_engine 14.0.5
oracle retail_financial_integration 14.0
oracle retail_financial_integration 14.1
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
oracle retail_integration_bus 15.0
oracle retail_integration_bus 15.0.3
oracle retail_integration_bus 16.0
oracle retail_integration_bus 16.0.3
oracle retail_invoice_matching 12.0
oracle retail_invoice_matching 13.0
oracle retail_invoice_matching 13.1
oracle retail_invoice_matching 13.2
oracle retail_invoice_matching 14.0
oracle retail_invoice_matching 14.1
oracle retail_markdown_optimization 13.4.4
oracle retail_order_broker 5.1
oracle retail_order_broker 5.2
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_predictive_application_server 14.0.3
oracle retail_predictive_application_server 14.0.3.26
oracle retail_predictive_application_server 14.1.3
oracle retail_predictive_application_server 14.1.3.37
oracle retail_predictive_application_server 15.0.3
oracle retail_predictive_application_server 15.0.3.100
oracle retail_predictive_application_server 16.0
oracle retail_predictive_application_server 16.0.3
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_service_backbone 16.0.1
oracle retail_xstore_point_of_service 7.1
oracle tape_library_acsls 8.5
oracle webcenter_sites 12.2.1.3.0
oracle weblogic_server 10.3.6.0.0
oracle weblogic_server 12.1.3.0.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
debian debian_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "338FFBAA-44A3-4E69-8E07-BD3929C1983B",
              "versionEndExcluding": "4.3.20",
              "versionStartIncluding": "4.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B61BC961-CB33-4FE9-9988-E0820DF7EFC7",
              "versionEndExcluding": "5.0.10",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:5.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C75A3E59-EBDF-4734-8297-0FDD75CEA731",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "512E0604-4D40-49CE-8142-89379A226913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5726AE4-4F63-4793-8948-0546DAA2D50D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5BF676D-EBA7-4CF8-BB36-C71B5502F04C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server_-_service_controller:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "66DCCCD9-2170-4675-A447-FB679BC28A74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15817206-C2AD-47B7-B40F-85BB36DB4E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DDF6809-53A7-4F7D-9FA8-B522BE8F7A21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA86A15F-FAB8-4DF5-95AC-DA3D1CF7A720",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B042935-BC42-4CA8-9379-7F0F894F9653",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B374F86-4EC8-4797-A8C3-5C1FF1DFC9F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0D177F6-25D9-4696-8528-3F57D91BAC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_fusion_applications:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "941E3CB6-013B-4AD4-8D36-2254E6D3C2F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51433748-DED0-416D-8BFE-F3493E13772E",
              "versionEndIncluding": "8.0.8",
              "versionStartIncluding": "8.0.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "11CCF1EE-70D3-40C9-9797-AE6228DA8522",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "50FF641E-E2E8-4641-B7BC-FF862B39EDB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:12.3.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6F259E6-10A8-4207-8FC2-85ABD70B04C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CC97EF4-DAB5-4A4C-B5DF-5AD2BF87DDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD581B-1CC0-4236-836A-204BBCBBBF77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:9.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "194DC2C7-92DA-4EC1-BCD5-05C67D4A4781",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "43839DCD-ACA1-4205-90D6-A38CE3005862",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C05CDCFE-78CE-46B2-91DB-B88816E2267F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC3BC82E-4780-4D10-B424-6CD9EFD0F2C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "17347180-9343-4E4C-8B81-7E3AB4CFE255",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "12047B25-F234-4562-9943-63E47EF32684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "10C2E4A0-4E60-4A00-AA60-392A65AC0BB9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "991B23C1-83FA-40B1-AF0A-9A7B10A9EDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B4193-4DB7-4BD9-85FF-8665601E6D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D8FE6-2BB4-4FF6-8B42-2D47F6FBFDFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A3BBE71-CA00-4F54-9210-FC7572C87CFB",
              "versionEndIncluding": "4.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73573516-EDA0-4176-A3ED-2F7006C87F8E",
              "versionEndIncluding": "8.0.20",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_analytics:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E75BF4-8F7B-4D56-908A-4F73E35C0905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:18.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "99365245-49E8-4616-BD24-CE564AC1D17E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE91D517-D85D-4A8D-90DC-4561BBF8670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "655CF3AE-B649-4282-B727-8B3C5D829C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "53CFE454-3E73-4A88-ABEE-322139B169A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA800332-C6B9-4F05-9FB0-72C1040AAFD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51D1FAEE-65FD-47EB-9F4D-505C72000F3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C45FF05-FB76-4782-891E-F4A8A4871A22",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C03ED7B-3826-4D6D-89C5-61DE12E27213",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8893CB1D-F18C-404D-BC06-CA2617BFAE58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42227DD8-6671-4B38-9E42-4ACF78F09C97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "69962BD9-A102-4621-9461-018E87261657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B05A34B4-A853-456C-BD56-3B3FD6397424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "118E48CE-8603-442B-B9C9-E30A41E4D974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A17D989-66AC-4A17-AB4D-E0EC045FB457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "14285308-8564-4858-8D31-E40E57B27390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.100:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C4C280-B319-411B-8510-9B5319E6D312",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA3D85CE-DAE9-418A-AA94-779546C0D245",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "162C6FD9-AEC2-4EBA-A163-3054840B8ACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable."
    },
    {
      "lang": "es",
      "value": "Spring Framework 5.1, versiones 5.0.x anteriores a la 5.0.10, versiones 4.3.x anteriores a la 4.3.20 y versiones anteriores no soportadas en la rama de versiones 4.2.x proporciona soporte para peticiones de rango al servir recursos est\u00e1ticos mediante ResourceHttpRequestHandler o, desde la versi\u00f3n 5.0, cuando un controlador anotado devuelve org.springframework.core.io.Resource. Un usuario (o atacante) malicioso puede a\u00f1adir una cabecera de rango con un alto n\u00famero de rangos o con rangos amplios que se superponen, o ambos, para provocar un ataque de denegaci\u00f3n de servicio (DoS). Esta vulnerabilidad afecta a aplicaciones que dependen de spring-webmvc o spring-webflux. Tales aplicaciones tambi\u00e9n deben tener un registro para servir recursos est\u00e1ticos (JS, CSS, im\u00e1genes y otros) o tener un controlador anotado que devuelve org.springframework.core.io.Resource. Las aplicaciones Spring Boot que dependen de spring-boot-starter-web o spring-boot-starter-webflux est\u00e1n preparadas para servir recursos est\u00e1ticos de f\u00e1brica y son, por lo tanto, vulnerables."
    }
  ],
  "id": "CVE-2018-15756",
  "lastModified": "2024-11-21T03:51:24.640",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "security_alert@emc.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-10-18T22:29:00.443",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "URL Repurposed"
      ],
      "url": "http://www.securityfocus.com/bid/105703"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-15756"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "URL Repurposed"
      ],
      "url": "http://www.securityfocus.com/bid/105703"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-15756"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Not Applicable",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-14 17:15
Modified
2024-11-21 04:59
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2020/05/14/10Mailing List, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2020/05/14/8Mailing List, Third Party Advisory
security@apache.orghttps://camel.apache.org/security/CVE-2020-11972.htmlVendor Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/05/14/10Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2020/05/14/8Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://camel.apache.org/security/CVE-2020-11972.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
Impacted products
Vendor Product Version
apache camel *
apache camel *
oracle communications_diameter_signaling_router *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75C55090-F0B1-4C9A-913E-3F63F6F1BB85",
              "versionEndIncluding": "2.25.0",
              "versionStartIncluding": "2.22.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D97C4E5-435C-4D5F-958B-67B50F822147",
              "versionEndIncluding": "3.1.0",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."
    },
    {
      "lang": "es",
      "value": "Apache Camel RabbitMQ permite una deserializaci\u00f3n de Java por defecto. Apache Camel versiones 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 hasta 3.1.0 est\u00e1n afectadas. Los usuarios de la versi\u00f3n 2.x deben actualizar a la versi\u00f3n 2.25.1, los usuarios de la versi\u00f3n 3.x deben actualizar a la versi\u00f3n 3.2.0."
    }
  ],
  "id": "CVE-2020-11972",
  "lastModified": "2024-11-21T04:59:01.190",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T17:15:12.117",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/14/10"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/14/8"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://camel.apache.org/security/CVE-2020-11972.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/14/10"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/05/14/8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://camel.apache.org/security/CVE-2020-11972.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-12-28 20:15
Modified
2024-11-21 06:31
Severity ?
6.6 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H
Summary
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/28/1Mailing List, Third Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdfThird Party Advisory
security@apache.orghttps://issues.apache.org/jira/browse/LOG4J2-3293Issue Tracking, Patch, Vendor Advisory
security@apache.orghttps://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143Mailing List, Vendor Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2021/12/msg00036.htmlMailing List, Third Party Advisory
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
security@apache.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/
security@apache.orghttps://security.netapp.com/advisory/ntap-20220104-0001/Third Party Advisory
security@apache.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/28/1Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://issues.apache.org/jira/browse/LOG4J2-3293Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143Mailing List, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/12/msg00036.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20220104-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache log4j *
apache log4j *
apache log4j *
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
apache log4j 2.0
oracle communications_diameter_signaling_router *
oracle communications_interactive_session_recorder 6.3
oracle communications_interactive_session_recorder 6.4
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 21.12.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle retail_assortment_planning 16.0.3
oracle retail_fiscal_management 14.2
oracle siebel_ui_framework 21.12
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0
cisco cloudcenter 4.10.0.16
fedoraproject fedora 34
fedoraproject fedora 35
debian debian_linux 9.0
oracle communications_brm_-_elastic_charging_engine *
oracle communications_brm_-_elastic_charging_engine 12.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_interactive_session_recorder 6.3
oracle communications_interactive_session_recorder 6.4
oracle communications_offline_mediation_controller *
oracle communications_offline_mediation_controller 12.0.0.5.0
oracle flexcube_private_banking 12.1.0
oracle health_sciences_data_management_workbench 2.5.2.1
oracle health_sciences_data_management_workbench 3.0.0.0
oracle health_sciences_data_management_workbench 3.1.0.3
oracle policy_automation *
oracle policy_automation_for_mobile_devices *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 21.12.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle product_lifecycle_analytics 3.6.1
oracle retail_order_broker 18.0
oracle retail_order_broker 19.1
oracle retail_xstore_point_of_service 17.0.4
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 19.0.2
oracle retail_xstore_point_of_service 20.0.1
oracle retail_xstore_point_of_service 21.0.1
oracle siebel_ui_framework *
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E5737813-009A-4FDD-AC84-42E871EA1676",
              "versionEndExcluding": "2.3.2",
              "versionStartIncluding": "2.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D1858C4-53AC-4528-B86F-0AB83777B4F4",
              "versionEndExcluding": "2.12.4",
              "versionStartIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D127EBB0-E86F-4349-96E5-19BD198E0CCA",
              "versionEndExcluding": "2.17.1",
              "versionStartIncluding": "2.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "17854E42-7063-4A55-BF2A-4C7074CC2D60",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:beta7:*:*:*:*:*:*",
              "matchCriteriaId": "F9D58C21-34AE-4782-8580-816B2F6A8F9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:beta8:*:*:*:*:*:*",
              "matchCriteriaId": "DCFCBA59-E0DF-46FD-8431-C1043E7AB4EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:beta9:*:*:*:*:*:*",
              "matchCriteriaId": "53F32FB2-6970-4975-8BD0-EAE12E9AD03A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B773ED91-1D39-42E6-9C52-D02210DE1A94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "EF24312D-1A62-482E-8078-7EC24758B710",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F42D52-1E43-44E0-8B53-A2A918BDDEC3",
              "versionEndIncluding": "8.5.1.0",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5",
              "versionEndIncluding": "18.8.13",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A",
              "versionEndIncluding": "19.12.12",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
              "versionEndIncluding": "20.12.7",
              "versionStartIncluding": "20.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A66F0C7C-4310-489F-8E91-4171D17DB32F",
              "versionEndIncluding": "19.12.18.0",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD",
              "versionEndIncluding": "20.12.12.0",
              "versionStartIncluding": "20.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_fiscal_management:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5F6FD19-A314-4A1F-96CB-6DB1CED79430",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D62731F-3290-4383-A4F6-5274B4D63B1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:cisco:cloudcenter:4.10.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "66AB39B2-0CE1-4C7E-9E7B-B288A080D584",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6894D860-000E-439D-8AB7-07E9B2ACC31B",
              "versionEndExcluding": "12.0.0.4.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD66C717-85E0-40E7-A51F-549C8196D557",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9550113-7423-48D8-A1C7-95D6AEE9B33C",
              "versionEndIncluding": "8.5.1.0",
              "versionStartIncluding": "8.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A2E42A-4EF2-437D-A0EC-4A6A4F1EBD11",
              "versionEndExcluding": "12.0.0.4.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5933FEA2-B79E-4EE7-B821-54D676B45734",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:2.5.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6C9A32B-B776-4704-818D-977B4B20D677",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6989178B-A3D5-4441-A56C-6C639D4759DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_data_management_workbench:3.1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5049591-AA1B-4D64-A925-40D0724074D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F47057A9-2DDE-4178-B140-F7D70EAED8F6",
              "versionEndIncluding": "12.2.24",
              "versionStartIncluding": "12.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:policy_automation_for_mobile_devices:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9132D7F2-43B3-4595-B8BF-C9DE897087F6",
              "versionEndIncluding": "12.2.24",
              "versionStartIncluding": "12.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5",
              "versionEndIncluding": "18.8.13",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A",
              "versionEndIncluding": "19.12.12",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
              "versionEndIncluding": "20.12.7",
              "versionStartIncluding": "20.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981",
              "versionEndIncluding": "19.12.18.0",
              "versionStartIncluding": "19.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD",
              "versionEndIncluding": "20.12.12.0",
              "versionStartIncluding": "20.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:21.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ABA57AC-4BBF-4E4F-9F7E-D42472C36EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F",
              "versionEndIncluding": "21.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
    },
    {
      "lang": "es",
      "value": "Las versiones de Apache Log4j2 de la 2.0-beta7 a la 2.17.0 (excluyendo las versiones de correcci\u00f3n de seguridad 2.3.2 y 2.12.4) son vulnerables a un ataque de ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando una configuraci\u00f3n utiliza un JDBC Appender con un URI de origen de datos JNDI LDAP cuando un atacante tiene el control del servidor LDAP de destino. Este problema se soluciona limitando los nombres de fuentes de datos JNDI al protocolo java en las versiones 2.17.1, 2.12.4 y 2.3.2 de Log4j2"
    }
  ],
  "id": "CVE-2021-44832",
  "lastModified": "2024-11-21T06:31:34.783",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 8.5,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.6,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.7,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-28T20:15:08.400",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Vendor Advisory"
      ],
      "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-74"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-01 19:15
Modified
2024-11-21 04:55
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.htmlThird Party Advisory
cve@mitre.orghttps://bugzilla.redhat.com/show_bug.cgi?id=1694235Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.htmlThird Party Advisory
cve@mitre.orghttps://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658Patch, Third Party Advisory
cve@mitre.orghttps://github.com/dom4j/dom4j/commits/version-2.0.3Patch, Third Party Advisory
cve@mitre.orghttps://github.com/dom4j/dom4j/issues/87Third Party Advisory
cve@mitre.orghttps://github.com/dom4j/dom4j/releases/tag/version-2.1.3Release Notes, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200518-0002/Third Party Advisory
cve@mitre.orghttps://usn.ubuntu.com/4575-1/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2022.html
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1694235Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/dom4j/dom4j/commits/version-2.0.3Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/dom4j/dom4j/issues/87Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/dom4j/dom4j/releases/tag/version-2.1.3Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200518-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4575-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
dom4j_project dom4j *
dom4j_project dom4j *
oracle agile_plm 9.3.3
oracle agile_plm 9.3.5
oracle application_testing_suite 13.3.0.1
oracle banking_platform *
oracle business_process_management_suite 12.2.1.3.0
oracle business_process_management_suite 12.2.1.4.0
oracle communications_application_session_controller 3.9m0p1
oracle communications_diameter_signaling_router *
oracle communications_unified_inventory_management 7.3.0
oracle communications_unified_inventory_management 7.4.0
oracle data_integrator 12.2.1.3.0
oracle data_integrator 12.2.1.4.0
oracle documaker *
oracle endeca_information_discovery_integrator 3.2.0
oracle enterprise_data_quality 11.1.1.9.0
oracle enterprise_data_quality 12.2.1.3.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle flexcube_core_banking 11.7.0
oracle flexcube_core_banking 11.8.0
oracle flexcube_core_banking 11.9.0
oracle flexcube_core_banking 11.10.0
oracle fusion_middleware 12.2.1.4.0
oracle health_sciences_empirica_signal 9.0
oracle health_sciences_information_manager 3.0.1
oracle insurance_policy_administration_j2ee *
oracle insurance_policy_administration_j2ee 10.2.0
oracle insurance_policy_administration_j2ee 10.2.4
oracle insurance_policy_administration_j2ee 11.0.2
oracle insurance_rules_palette *
oracle insurance_rules_palette 10.2.0
oracle insurance_rules_palette 10.2.4
oracle insurance_rules_palette 11.0.2
oracle jdeveloper 12.2.1.4.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle retail_customer_management_and_segmentation_foundation 16.0
oracle retail_customer_management_and_segmentation_foundation 17.0
oracle retail_customer_management_and_segmentation_foundation 18.0
oracle retail_customer_management_and_segmentation_foundation 19.0
oracle retail_integration_bus 15.0
oracle retail_integration_bus 16.0
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_order_broker 18.0
oracle retail_order_broker 19.0
oracle retail_order_broker 19.1
oracle retail_price_management 14.0.3
oracle retail_price_management 14.1.3.0
oracle retail_price_management 15.0.3.0
oracle retail_price_management 16.0.3.0
oracle retail_xstore_point_of_service 15.0.4
oracle retail_xstore_point_of_service 16.0.6
oracle retail_xstore_point_of_service 17.0.4
oracle retail_xstore_point_of_service 18.0.3
oracle storagetek_tape_analytics_sw_tool 2.3
oracle utilities_framework *
oracle utilities_framework 2.2.0.0.0
oracle utilities_framework 4.2.0.2.0
oracle utilities_framework 4.2.0.3.0
oracle utilities_framework 4.4.0.0.0
oracle utilities_framework 4.4.0.2.0
oracle webcenter_portal 11.1.1.9.0
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
opensuse leap 15.1
netapp oncommand_api_services -
netapp oncommand_workflow_automation -
netapp snap_creator_framework -
netapp snapcenter -
netapp snapmanager -
netapp snapmanager -
canonical ubuntu_linux 16.04


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D7F74F1-B9EA-4659-9755-B23F7D747685",
              "versionEndExcluding": "2.0.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C2C95BD-A005-44E2-ACE8-633505485D1B",
              "versionEndExcluding": "2.1.3",
              "versionStartIncluding": "2.1.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39",
              "versionEndIncluding": "2.10.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6092C11-7779-451C-94F9-24FA2F2010FB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "135D531C-A692-4BE3-AB8C-37BB0D35559A",
              "versionEndIncluding": "12.6.4",
              "versionStartIncluding": "12.6.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCC2C59-BB9B-4BD2-80A4-33B72737FA10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36CF85A9-2C29-46E7-961E-8ADD0B5822CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87416B3B-3B2B-486B-B931-19199EF07000",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1102B6BC-D99E-4AC0-9375-FB8517A4A71F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D22386C-FEC4-4984-8E2A-8FE4796BEFBE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B283B614-9E31-4148-8688-B0672B3A77B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2051BA9E-E635-47D5-B942-8AC26E9487CB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C666FA96-3809-475C-B68F-29E59BD51959",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "48261B54-471D-4C03-AFF9-6F2EA8FA8EBB",
              "versionEndIncluding": "11.3.0",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEAB5CD-4223-4A43-AB9E-486113827A6C",
              "versionEndIncluding": "11.3.0",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "951CE1FD-CBFD-4724-919F-CF9B529F0BA5",
              "versionEndIncluding": "16.2.20.1",
              "versionStartIncluding": "16.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B89D2BCD-BA96-4DCF-A8B0-59989AD1BC87",
              "versionEndIncluding": "17.12.17.1",
              "versionStartIncluding": "17.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "18CE17D6-FC25-4FDA-AD28-BD8533C7513A",
              "versionEndIncluding": "18.8.19.0",
              "versionStartIncluding": "18.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DE19678-FB27-4E29-A7BF-232141D52502",
              "versionEndIncluding": "19.12.6.0",
              "versionStartIncluding": "19.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBEEB907-B163-43FF-86DE-4387123DCC4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFB0BB58-04D3-409D-AECC-9633782F0E75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "47F3EA56-89AF-4AD5-BA19-D32DBDA087A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0791694C-9B4E-42EA-8F6C-899B43B6D769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "312992F0-E65A-4E38-A44C-363A7E157CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1940FD6-39FA-4F92-9625-F215D8051E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "78D8F551-8DC8-4510-8350-AE6BC64748DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
              "versionEndIncluding": "4.3.0.6.0",
              "versionStartIncluding": "4.3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D883EED9-CC64-479D-9C0A-35EB16F43AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
              "matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
              "matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
    },
    {
      "lang": "es",
      "value": "dom4j versiones anteriores a 2.0.3 y versiones 2.1.x anteriores a  2.1.3, permite DTDs y External Entities por defecto, lo que podr\u00eda permitir ataques de tipo XXE. Sin embargo, existe una documentaci\u00f3n externa popular de OWASP que muestra c\u00f3mo habilitar el comportamiento seguro no predeterminado en cualquier aplicaci\u00f3n que use dom4j."
    }
  ],
  "id": "CVE-2020-10683",
  "lastModified": "2024-11-21T04:55:50.587",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-01T19:15:12.927",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/dom4j/dom4j/issues/87"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4575-1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/dom4j/dom4j/issues/87"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4575-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-611"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-16 16:15
Modified
2024-11-21 05:02
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2765Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200702-0003/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2765Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200702-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp steelstore_cloud_integrated_storage -
debian debian_linux 8.0
oracle agile_plm 9.3.6
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_session_report_manager *
oracle communications_session_route_manager *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B92AF50-0155-471E-B5C4-1CFD95F4B7D0",
              "versionEndExcluding": "2.9.10.5",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.5, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y escritura, relacionada con org.jsecurity.realm.jndi.JndiRealmFactory (tambi\u00e9n se conoce como org.jsecurity)"
    }
  ],
  "id": "CVE-2020-14195",
  "lastModified": "2024-11-21T05:02:50.717",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-16T16:15:11.107",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2765"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-06 13:29
Modified
2024-11-21 03:59
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/103697Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1272Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103697Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1272Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle big_data_discovery 1.6.0
oracle communications_converged_application_server *
oracle communications_diameter_signaling_router *
oracle communications_performance_intelligence_center *
oracle communications_services_gatekeeper *
oracle enterprise_manager_ops_center 12.2.2
oracle enterprise_manager_ops_center 12.3.3
oracle goldengate_for_big_data 12.2.0.1
oracle goldengate_for_big_data 12.3.1.1
oracle goldengate_for_big_data 12.3.2.1
oracle health_sciences_information_manager 3.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0
oracle insurance_calculation_engine 10.1.1
oracle insurance_calculation_engine 10.2
oracle insurance_calculation_engine 10.2.1
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.1
oracle insurance_rules_palette 10.2
oracle insurance_rules_palette 11.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle retail_back_office 14.0
oracle retail_back_office 14.1
oracle retail_central_office 14.0
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_integration_bus 14.0.1
oracle retail_integration_bus 14.0.2
oracle retail_integration_bus 14.0.3
oracle retail_integration_bus 14.0.4
oracle retail_integration_bus 14.1.1
oracle retail_integration_bus 14.1.2
oracle retail_integration_bus 14.1.3
oracle retail_integration_bus 15.0.0.1
oracle retail_integration_bus 15.0.1
oracle retail_integration_bus 15.0.2
oracle retail_integration_bus 16.0
oracle retail_integration_bus 16.0.1
oracle retail_integration_bus 16.0.2
oracle retail_open_commerce_platform 5.3.0
oracle retail_open_commerce_platform 6.0.0
oracle retail_open_commerce_platform 6.0.1
oracle retail_order_broker 5.1
oracle retail_order_broker 5.2
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_point-of-sale 14.0
oracle retail_point-of-sale 14.1
oracle retail_predictive_application_server 14.0
oracle retail_predictive_application_server 14.1
oracle retail_predictive_application_server 15.0
oracle retail_predictive_application_server 16.0
oracle retail_returns_management 14.0
oracle retail_returns_management 14.1
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle tape_library_acsls 8.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD987888-3DB7-4BE3-A830-9F915F3C81DF",
              "versionEndExcluding": "4.3.15",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49985DB6-2E55-406F-93A7-A80E49EA3DD7",
              "versionEndExcluding": "5.0.5",
              "versionStartIncluding": "5.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
              "versionEndExcluding": "7.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22847CAE-3C2C-4C2E-9D2E-47DB4091442E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5A9AB-3DE0-4496-82E5-A2DB5CFDAA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E484D25-1753-42A1-9658-8E9CCE8E3568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEAFF40-B0C7-4B05-A655-B3F93055FBCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF4C859-616D-44F9-BE76-589A4E6E8BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8CE753D-A090-47DE-8EF0-8FDE07576E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BAFB538-A395-4C4D-83F7-CD453C0DFB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0CA26F-41D3-433F-9C17-1A4F5066F184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27C4D75-3927-4D07-BE16-4204F641A453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A6CF77-09DF-43FD-833A-8DAAE016717A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07630491-0624-4C5C-A858-C5D3CDCD1B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9CA11F-F718-43E5-ADB9-6C348C75E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "632E9828-907F-4F2C-81D5-A74A6DDA2748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "274999E6-18ED-46F0-8CF2-56374B3DF174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles."
    },
    {
      "lang": "es",
      "value": "Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, as\u00ed como versiones m\u00e1s antiguas no soportadas, proporciona soporte del lado de cliente a peticiones multipart. Cuando las aplicaciones Spring MVC o Spring WebFlux (servidor A) reciben entradas de un cliente remoto y, a continuaci\u00f3n, emplea esa entrada para realizar una petici\u00f3n multipart a otro servidor (servidor B), pueden verse expuestas a un ataque en el que un multipart extra se inserta en el contenido de la petici\u00f3n del servidor A. Esto provoca que servidor B emplee el valor incorrecto para una parte que espera. Esto podr\u00eda desembocar en el escalado de privilegios, por ejemplo, si el contenido part representa a un nombre de usuario o a roles de usuario."
    }
  ],
  "id": "CVE-2018-1272",
  "lastModified": "2024-11-21T03:59:30.877",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.6,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-06T13:29:00.563",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103697"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1272"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103697"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1272"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-05-11 20:29
Modified
2024-11-21 03:59
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/104222Third Party Advisory, VDB Entry
security_alert@emc.comhttp://www.securitytracker.com/id/1041888Third Party Advisory, VDB Entry
security_alert@emc.comhttp://www.securitytracker.com/id/1041896Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2019:2413Patch, Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1258Vendor Advisory
security_alert@emc.comhttps://security.netapp.com/advisory/ntap-20181018-0002/Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104222Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041888Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1041896Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2413Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1258Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20181018-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
pivotal_software spring_security *
vmware spring_framework 5.0.5
oracle agile_plm 9.3.3
oracle agile_plm 9.3.4
oracle agile_plm 9.3.5
oracle agile_plm 9.3.6
oracle application_testing_suite 10.1
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle big_data_discovery 1.6.0
oracle communications_converged_application_server *
oracle communications_diameter_signaling_router *
oracle communications_network_integrity *
oracle communications_performance_intelligence_center *
oracle communications_services_gatekeeper *
oracle endeca_information_discovery_integrator 3.1.0
oracle endeca_information_discovery_integrator 3.2.0
oracle enterprise_manager_for_mysql_database 13.2
oracle enterprise_manager_ops_center 12.2.2
oracle enterprise_manager_ops_center 12.3.3
oracle enterprise_repository 11.1.1.7.0
oracle enterprise_repository 12.1.3.0.0
oracle goldengate_for_big_data 12.2.0.1
oracle goldengate_for_big_data 12.3.1.1
oracle goldengate_for_big_data 12.3.2.1
oracle health_sciences_information_manager 3.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0
oracle hospitality_guest_access 4.2.0
oracle hospitality_guest_access 4.2.1
oracle insurance_calculation_engine 10.1.1
oracle insurance_calculation_engine 10.2
oracle insurance_calculation_engine 10.2.1
oracle insurance_policy_administration 10.0
oracle insurance_policy_administration 10.1
oracle insurance_policy_administration 10.2
oracle insurance_policy_administration 11.0
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.1
oracle insurance_rules_palette 10.2
oracle insurance_rules_palette 11.0
oracle insurance_rules_palette 11.1
oracle micros_lucas 2.9.5
oracle mysql_enterprise_monitor *
oracle peoplesoft_enterprise_fin_install 9.2
oracle retail_assortment_planning 14.1
oracle retail_assortment_planning 15.0
oracle retail_assortment_planning 16.0
oracle retail_back_office 14.0
oracle retail_back_office 14.1
oracle retail_central_office 14.0
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_financial_integration 13.2
oracle retail_financial_integration 14.0
oracle retail_financial_integration 14.1
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
oracle retail_integration_bus 14.1.2
oracle retail_point-of-service 14.0
oracle retail_point-of-service 14.1
oracle retail_returns_management 14.0
oracle retail_returns_management 14.1
oracle retail_xstore_point_of_service 17.0
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle tape_library_acsls 8.4
oracle weblogic_server 10.3.6.0
oracle weblogic_server 12.1.3.0
oracle weblogic_server 12.2.1.2
oracle weblogic_server 12.2.1.3
netapp oncommand_insight -
netapp oncommand_unified_manager *
netapp oncommand_unified_manager *
netapp oncommand_workflow_automation -
netapp snapcenter -
netapp storage_automation_store -
redhat fuse 7.3.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:pivotal_software:spring_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "82F4C00B-9F3D-46D2-B10A-204BD055BA5F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:5.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1733D2EB-D792-4566-92BF-DD9EA301B2A2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "AND"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "54634303-BC07-41EF-8C4A-D64D9A32A40E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
              "versionEndExcluding": "7.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD748C9-24F6-4739-9772-208B98616EE2",
              "versionEndIncluding": "7.3.6",
              "versionStartIncluding": "7.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B65CD29-C729-42AC-925E-014BA19581E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C25F23-6800-48A2-881C-C2A2C3FA045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9ED4F724-C92F-4B4F-B631-81A4EA706DB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "900450EB-A71D-4A8E-B8C4-AFD36F9A36B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "68017B52-6597-4E32-A38F-634B5635568C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A19D11A6-BA1D-4121-8686-C177C450777F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EE20FD-3D21-4E23-95B8-7BD13816EB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D863326-7106-4A08-9072-C72029584403",
              "versionEndIncluding": "8.0.2.8191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_fin_install:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21E71BD-DD38-4634-BF9F-092D55000DE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "921B7906-A20A-4313-9398-D542A4198BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB5604C-69AF-459D-A82D-8A3B78CF2655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "655CF3AE-B649-4282-B727-8B3C5D829C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "53CFE454-3E73-4A88-ABEE-322139B169A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "237968A4-AE89-44DC-8BA3-D9651F88883D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0ABB9BAD-9BBD-4B2D-A0ED-7898812B9446",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F745235C-55A9-4353-A4CB-4B7834BDD63F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAE3D682-1434-4789-8B43-679AE86533FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBFF04EF-B1C3-4601-878A-35EA6A15EF0C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "6AADE2A6-B78C-4B9C-8FAB-58DB50F69D84",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_unified_manager:*:*:*:*:*:vsphere:*:*",
              "matchCriteriaId": "7E49ACFC-FD48-4ED7-86E8-68B5B753852C",
              "versionStartIncluding": "9.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:storage_automation_store:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B7A6697-98CC-4E36-93DB-B7160F8399F9",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:fuse:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "407B62F8-F1D8-403D-B342-9EF06D6F128B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
    },
    {
      "lang": "es",
      "value": "La versi\u00f3n 5.0.5 de Spring Framework, cuando se utiliza en combinaci\u00f3n con cualquier versi\u00f3n de Spring Security, contiene un omisi\u00f3n de autorizaci\u00f3n cuando se utiliza la seguridad del m\u00e9todo. Un usuario malicioso no autorizado puede obtener acceso no autorizado a m\u00e9todos que deben ser restringidos."
    }
  ],
  "id": "CVE-2018-1258",
  "lastModified": "2024-11-21T03:59:28.953",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-05-11T20:29:00.260",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104222"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041888"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041896"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2413"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1258"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/104222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041888"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1041896"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2413"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1258"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-04-07 23:15
Modified
2024-11-21 04:58
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2680Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200511-0004/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2680Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200511-0004/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle global_lifecycle_management_opatch *
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E281E-977E-4195-B131-B7C7A2933B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionada con el componente  org.springframework.aop.config.MethodLocatingFactoryBean (tambi\u00e9n se conoce como spring-aop)."
    }
  ],
  "id": "CVE-2020-11619",
  "lastModified": "2024-11-21T04:58:15.730",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-07T23:15:12.077",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2680"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-17 19:15
Modified
2024-11-21 05:16
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86bPatch, Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2798Issue Tracking, Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20201009-0003/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86bPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2798Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20201009-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
oracle agile_plm 9.3.6
oracle application_testing_suite 13.3.0.1
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_corporate_lending_process_management 14.2.0
oracle banking_corporate_lending_process_management 14.3.0
oracle banking_corporate_lending_process_management 14.5.0
oracle banking_credit_facilities_process_management 14.2.0
oracle banking_credit_facilities_process_management 14.3.0
oracle banking_credit_facilities_process_management 14.5.0
oracle banking_liquidity_management 14.2
oracle banking_liquidity_management 14.3
oracle banking_liquidity_management 14.5
oracle banking_supply_chain_finance 14.2.0
oracle banking_supply_chain_finance 14.3.0
oracle banking_supply_chain_finance 14.5.0
oracle blockchain_platform *
oracle communications_calendar_server 8.0
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_instant_messaging_server 10.0.1.5.0
oracle communications_messaging_server 8.1
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle communications_policy_management 12.5.0
oracle communications_pricing_design_center 12.0.0.4.0
oracle communications_services_gatekeeper 7.0
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle communications_unified_inventory_management 7.4.1
oracle identity_manager_connector 11.1.1.5.0
oracle siebel_core_-_server_framework *
oracle siebel_ui_framework *
debian debian_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4892ABAA-57A0-43D3-965C-2D7F4A8A6024",
              "versionEndExcluding": "2.6.7.5",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "96DBACC5-AC30-4F2A-9615-DDC912A188B0",
              "versionEndExcluding": "2.9.10.6",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CF9A061-2421-426D-9854-0A4E55B2961D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F95EDC3D-54BB-48F9-82F2-7CCF335FCA78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B72B735F-4E52-484A-9C2C-23E6E2070385",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B36A1D4-F391-4EE3-9A65-0A10568795BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0275F820-40BE-47B8-B167-815A55DF578E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7FC2BF9-B6D7-420E-9CF5-21AB770B9CC1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4DAB919-54FD-48F8-A664-CD85C0A4A0E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_liquidity_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D5A1417-2C59-431F-BF5C-A2BCFEBC95FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A8420D4-AAF1-44AA-BF28-48EE3ED310B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FB80AC5-35F2-4703-AD93-416B46972EEB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_supply_chain_finance:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "19DAAEFF-AB4A-4D0D-8C86-D2F2811B53B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0DBC938-A782-433F-8BF1-CA250C332AA7",
              "versionEndExcluding": "21.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D55AB36-EDBB-4644-9579-21CE8278ED77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE6D7E4F-FB11-4CED-81DB-D0BD21797C53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0331877D-D5DB-4EE8-8220-C1CDC3F90CB0",
              "versionEndIncluding": "8.2.4.0",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB3E2625-08F0-4C8E-B43F-831F0290F0D7",
              "versionEndIncluding": "8.2.2.1",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5AA3C04-30A4-4975-B878-C5777F8BB918",
              "versionEndIncluding": "8.2.2.1",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager_connector:11.1.1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D7EA92D-9F26-4292-991A-891597337DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_core_-_server_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9C855EA-6E35-4EFF-ADEB-0EDFF90272BD",
              "versionEndIncluding": "21.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D9E0011-6FF5-4C90-9780-7A1297BB09BF",
              "versionEndIncluding": "21.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.6, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionada con com.pastdev.httpcomponents.configuration.JndiConfiguration"
    }
  ],
  "id": "CVE-2020-24750",
  "lastModified": "2024-11-21T05:16:00.667",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-17T19:15:13.580",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2798"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201009-0003/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2798"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20201009-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-02 04:15
Modified
2024-11-21 05:40
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2631Patch, Third Party Advisory
cve@mitre.orghttps://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2631Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200904-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
debian debian_linux 8.0
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_institutional_performance_analytics 8.7.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29BC94E0-FEBC-4E86-825C-0101DC339852",
              "versionEndExcluding": "2.7.9.7",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04F30C23-46F8-4F58-807B-002C5E96B7F7",
              "versionEndExcluding": "2.8.11.6",
              "versionStartIncluding": "2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E281E-977E-4195-B131-B7C7A2933B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8EE84-A840-4132-B331-C7D450B1FBBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB4FBBDC-0AAF-4E9B-9902-02E7B4EF4E68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F058FDA-04BC-4F32-830D-206983770692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a  2.9.10.4 maneja inapropiadamente la interacci\u00f3n entre la serializaci\u00f3n de gadgets y el tipeo, relacionada a org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (tambi\u00e9n se conoce como shaded hikari-config)."
    }
  ],
  "id": "CVE-2020-9546",
  "lastModified": "2024-11-21T05:40:50.133",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-02T04:15:10.843",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-09-10 19:15
Modified
2024-11-21 04:59
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13
References
security@apache.orghttp://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txtVendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache activemq 5.15.12
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_repository 11.1.1.7.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:activemq:5.15.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EDE9C9F-F991-49CC-A8E8-93CEECA19245",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0331877D-D5DB-4EE8-8220-C1CDC3F90CB0",
              "versionEndIncluding": "8.2.4.0",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA92C6D-4ECE-4E6B-B16D-84F951B09399",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A528287-BF09-4E87-8192-81DBFB57A100",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html \"A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code.\" Mitigation: Upgrade to Apache ActiveMQ 5.15.13"
    },
    {
      "lang": "es",
      "value": "Se ha introducido una regresi\u00f3n en el commit que evita que JMX vuelva a vincularse.\u0026#xa0;Al pasar un mapa de entorno vac\u00edo hacia RMIConnectorServer, en lugar del mapa que contiene las credenciales de autenticaci\u00f3n, deja ActiveMQ abierto al siguiente ataque: https://docs.oracle.com/javase/8/docs/technotes/guides/management/ agent.html. \" Un cliente remoto podr\u00eda crear un MBean javax.management.loading.MLet y usarlo para crear nuevos MBeans a partir de URL arbitrarias, al menos si no existe un administrador de seguridad. En otras palabras, un cliente remoto fraudulento podr\u00eda hacer que la aplicaci\u00f3n ejecute c\u00f3digo arbitrario\".\u0026#xa0;Mitigaci\u00f3n: actualizaci\u00f3n a Apache ActiveMQ versi\u00f3n 5.15.13"
    }
  ],
  "id": "CVE-2020-11998",
  "lastModified": "2024-11-21T04:59:05.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-09-10T19:15:13.083",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-10-25 06:15
Modified
2024-11-21 05:48
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
References
security@php.nethttp://www.openwall.com/lists/oss-security/2021/10/26/7Mailing List, Patch, Third Party Advisory
security@php.nethttps://bugs.php.net/bug.php?id=81026Exploit, Issue Tracking, Patch, Vendor Advisory
security@php.nethttps://lists.debian.org/debian-lts-announce/2021/10/msg00021.htmlMailing List, Third Party Advisory
security@php.nethttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
security@php.nethttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
security@php.nethttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
security@php.nethttps://security.gentoo.org/glsa/202209-20Third Party Advisory
security@php.nethttps://security.netapp.com/advisory/ntap-20211118-0003/Third Party Advisory
security@php.nethttps://www.debian.org/security/2021/dsa-4992Third Party Advisory
security@php.nethttps://www.debian.org/security/2021/dsa-4993Third Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Vendor Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/10/26/7Mailing List, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=81026Exploit, Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/10/msg00021.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202209-20Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20211118-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4992Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4993Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
php php *
php php *
php php *
debian debian_linux 9.0
debian debian_linux 10.0
debian debian_linux 11.0
fedoraproject fedora 33
fedoraproject fedora 34
fedoraproject fedora 35
netapp clustered_data_ontap -
oracle communications_diameter_signaling_router *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FFE0A10-A39D-4BFA-A081-AA87CDCB56BB",
              "versionEndIncluding": "7.3.31",
              "versionStartIncluding": "7.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E775E547-4990-4809-BE21-7E9B99059F1C",
              "versionEndExcluding": "7.4.25",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5633A8ED-60EF-4F14-A120-82A36BBD55A8",
              "versionEndExcluding": "8.0.12",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
              "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
              "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
              "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "590ADE5F-0D0F-4576-8BA6-828758823442",
              "versionEndIncluding": "8.5.0.2",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user."
    },
    {
      "lang": "es",
      "value": "En PHP versiones 7.3.x hasta 7.3.31 incluy\u00e9ndola, versiones 7.4.x  y por debajo de 7.4.25 y versiones 8.0.x por debajo de 8.0. 12, cuando es ejecutado PHP FPM SAPI con el proceso demonio FPM principal ejecutado como root y los procesos worker hijos ejecutados como usuarios menos privilegiados, es posible que los procesos hijos accedan a la memoria compartida con el proceso principal y escriban en ella, modific\u00e1ndola de forma que causar\u00eda que el proceso root realizara lecturas y escrituras de memoria no v\u00e1lidas, que puede ser usado para escalar los privilegios del usuario local sin privilegios al usuario root"
    }
  ],
  "id": "CVE-2021-21703",
  "lastModified": "2024-11-21T05:48:52.000",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.1,
        "impactScore": 6.0,
        "source": "security@php.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-25T06:15:06.563",
  "references": [
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=81026"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
    },
    {
      "source": "security@php.net",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"
    },
    {
      "source": "security@php.net",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/"
    },
    {
      "source": "security@php.net",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-20"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4992"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4993"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=81026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202209-20"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4992"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-4993"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    }
  ],
  "sourceIdentifier": "security@php.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-284"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "security@php.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-05 14:15
Modified
2024-11-21 04:55
Severity ?
8.2 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Summary
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podThird Party Advisory
cve@mitre.orghttps://github.com/Perl/perl5/compare/v5.30.2...v5.30.3Third Party Advisory
cve@mitre.orghttps://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03edPatch, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
cve@mitre.orghttps://security.gentoo.org/glsa/202006-03Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200611-0001/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03edPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202006-03Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200611-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
perl perl *
fedoraproject fedora 31
opensuse leap 15.1
oracle communications_billing_and_revenue_management 12.0.0.2.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_diameter_signaling_router *
oracle communications_eagle_application_processor *
oracle communications_eagle_lnp_application_processor 10.1
oracle communications_eagle_lnp_application_processor 10.2
oracle communications_eagle_lnp_application_processor 46.7
oracle communications_eagle_lnp_application_processor 46.8
oracle communications_eagle_lnp_application_processor 46.9
oracle communications_lsms *
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle communications_performance_intelligence_center *
oracle communications_performance_intelligence_center *
oracle communications_pricing_design_center 12.0.0.3.0
oracle configuration_manager 12.1.2.0.8
oracle enterprise_manager_base_platform 13.4.0.0
oracle sd-wan_edge 8.2
oracle sd-wan_edge 9.0
oracle sd-wan_edge 9.1
oracle tekelec_platform_distribution *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:x86:*",
              "matchCriteriaId": "FF17E933-217A-4DDA-91C2-FEF2739550A1",
              "versionEndExcluding": "5.30.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
              "versionEndIncluding": "16.4.0",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "879FE18D-6B1C-4CF7-B409-C379E9F60D0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BE3FB3-5619-4381-BE4E-FBADB3C747F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB3C447-DA3F-44FF-91FD-8985C0527940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F",
              "versionEndIncluding": "13.4",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D",
              "versionEndIncluding": "10.3.0.2.1",
              "versionStartIncluding": "10.3.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B",
              "versionEndIncluding": "10.4.0.3.1",
              "versionStartIncluding": "10.4.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "78C99571-0F3C-43E6-84B3-7D80E045EF8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "77E39D5C-5EFA-4FEB-909E-0A92004F2563",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_edge:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "06816711-7C49-47B9-A9D7-FB18CC3F42F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40",
              "versionEndIncluding": "7.7.1",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow."
    },
    {
      "lang": "es",
      "value": "Perl versiones anteriores a 5.30.3 en plataformas de 32 bits permite un desbordamiento del b\u00fafer en la regi\u00f3n heap de la memoria porque los cuantificadores de expresiones regulares anidadas presentan un desbordamiento de enteros"
    }
  ],
  "id": "CVE-2020-10543",
  "lastModified": "2024-11-21T04:55:32.927",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.2,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-05T14:15:10.467",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-03"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        },
        {
          "lang": "en",
          "value": "CWE-787"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-12-17 19:15
Modified
2024-11-21 05:27
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
References
cve@mitre.orghttps://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062Exploit, Technical Description, Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2986Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20210122-0005/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2986Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210122-0005/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
netapp service_level_manager -
debian debian_linux 9.0
oracle agile_plm 9.3.6
oracle application_testing_suite 13.3.0.1
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_platform 2.6.2
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle banking_platform 2.8.0
oracle banking_platform 2.9.0
oracle banking_platform 2.10.0
oracle banking_treasury_management 14.4
oracle banking_virtual_account_management 14.2.0
oracle banking_virtual_account_management 14.3.0
oracle banking_virtual_account_management 14.5.0
oracle blockchain_platform *
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_cloud_native_core_unified_data_repository 1.4.0
oracle communications_diameter_signaling_router *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.5.0
oracle communications_interactive_session_recorder 6.3
oracle communications_interactive_session_recorder 6.4
oracle communications_offline_mediation_controller 12.0.0.3
oracle communications_pricing_design_center 12.0.0.4.0
oracle communications_services_gatekeeper 7.0
oracle communications_unified_inventory_management 7.4.1
oracle documaker 12.6.3
oracle documaker 12.6.4
oracle insurance_policy_administration_j2ee 11.2.0
oracle retail_merchandising_system 15.0.3
oracle retail_xstore_point_of_service 16.0.6
oracle retail_xstore_point_of_service 17.0.4
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 19.0.2
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49F38029-9D32-499B-B5D4-C4FFDD9B1728",
              "versionEndExcluding": "2.9.10.8",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCE22C0-4253-40A5-89AE-499A3BC9EFF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C28ED-C5AA-40B9-9B26-6A91D20B3E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB612B4A-27C4-491E-AABD-6CAADE2E249E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1534C11-E3F5-49F3-8F8D-7C5C90951E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1111BCFD-E336-4B31-A87E-76C684AC6DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A50522C-E7AC-4F6F-A340-CF6173FA4D4E",
              "versionEndIncluding": "21.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB1BC31C-6016-42A8-9517-2FBBC92620CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A23B00C1-878A-4B55-B87B-EFFFA6A5E622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34019365-E6E3-4DBC-89EA-5783A29B61B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1427F8-50F3-45B2-8836-A80ADA70F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B4193-4DB7-4BD9-85FF-8665601E6D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C9BB48-50B2-4735-9E2F-E492C708C36D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionada con org.apache.commons.dbcp2.datasources.PerUserPoolDataSource"
    }
  ],
  "id": "CVE-2020-35490",
  "lastModified": "2024-11-21T05:27:24.163",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-17T19:15:14.417",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-12-18 12:15
Modified
2024-11-21 06:31
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
security@apache.orghttp://www.openwall.com/lists/oss-security/2021/12/19/1Mailing List, Mitigation, Third Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfThird Party Advisory
security@apache.orghttps://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdfThird Party Advisory
security@apache.orghttps://logging.apache.org/log4j/2.x/security.htmlRelease Notes, Vendor Advisory
security@apache.orghttps://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20211218-0001/Third Party Advisory
security@apache.orghttps://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
security@apache.orghttps://www.debian.org/security/2021/dsa-5024Third Party Advisory
security@apache.orghttps://www.kb.cert.org/vuls/id/930724Third Party Advisory, US Government Resource
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
security@apache.orghttps://www.zerodayinitiative.com/advisories/ZDI-21-1541/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/12/19/1Mailing List, Mitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdfThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://logging.apache.org/log4j/2.x/security.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20211218-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-5024Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.kb.cert.org/vuls/id/930724Third Party Advisory, US Government Resource
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.zerodayinitiative.com/advisories/ZDI-21-1541/Third Party Advisory, VDB Entry
Impacted products
Vendor Product Version
apache log4j *
apache log4j *
apache log4j *
netapp cloud_manager -
debian debian_linux 10.0
debian debian_linux 11.0
sonicwall email_security *
sonicwall network_security_manager *
sonicwall network_security_manager *
sonicwall web_application_firewall *
sonicwall 6bk1602-0aa12-0tp0_firmware *
sonicwall 6bk1602-0aa12-0tp0 -
sonicwall 6bk1602-0aa22-0tp0_firmware *
sonicwall 6bk1602-0aa22-0tp0 -
sonicwall 6bk1602-0aa32-0tp0_firmware *
sonicwall 6bk1602-0aa32-0tp0 -
sonicwall 6bk1602-0aa42-0tp0_firmware *
sonicwall 6bk1602-0aa42-0tp0 -
sonicwall 6bk1602-0aa52-0tp0_firmware *
sonicwall 6bk1602-0aa52-0tp0 -
oracle agile_engineering_data_management 6.2.1.0
oracle agile_plm 9.3.6
oracle agile_plm_mcad_connector 3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_deposits_and_lines_of_credit_servicing 2.12.0
oracle banking_enterprise_default_management 2.7.1
oracle banking_enterprise_default_management 2.12.0
oracle banking_loans_servicing 2.12.0
oracle banking_party_management 2.7.0
oracle banking_payments 14.5
oracle banking_platform 2.6.2
oracle banking_platform 2.7.1
oracle banking_platform 2.12.0
oracle banking_trade_finance 14.5
oracle banking_treasury_management 14.5
oracle business_intelligence 5.5.0.0.0
oracle communications_asap 7.3
oracle communications_billing_and_revenue_management 12.0.0.4
oracle communications_billing_and_revenue_management 12.0.0.5
oracle communications_cloud_native_core_console 1.9.0
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.10.0
oracle communications_cloud_native_core_network_repository_function 1.15.0
oracle communications_cloud_native_core_network_repository_function 1.15.1
oracle communications_cloud_native_core_network_slice_selection_function 1.8.0
oracle communications_cloud_native_core_policy 1.15.0
oracle communications_cloud_native_core_security_edge_protection_proxy 1.7.0
oracle communications_cloud_native_core_service_communication_proxy 1.15.0
oracle communications_cloud_native_core_unified_data_repository 1.15.0
oracle communications_convergence 3.0.2.2.0
oracle communications_convergence 3.0.3.0
oracle communications_convergent_charging_controller *
oracle communications_convergent_charging_controller 6.0.1.0.0
oracle communications_diameter_signaling_router *
oracle communications_eagle_element_management_system 46.6
oracle communications_eagle_ftp_table_base_retrieval 4.5
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_interactive_session_recorder 6.3
oracle communications_interactive_session_recorder 6.4
oracle communications_ip_service_activator 7.4.0
oracle communications_messaging_server 8.1
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1.0.0
oracle communications_network_integrity 7.3.6
oracle communications_performance_intelligence_center 10.4.0.3
oracle communications_pricing_design_center 12.0.0.4
oracle communications_pricing_design_center 12.0.0.5
oracle communications_service_broker 6.2
oracle communications_services_gatekeeper 7.0
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle communications_unified_inventory_management 7.3.5
oracle communications_unified_inventory_management 7.4.1
oracle communications_unified_inventory_management 7.4.2
oracle communications_user_data_repository 12.4
oracle communications_webrtc_session_controller 7.2.0.0
oracle communications_webrtc_session_controller 7.2.1
oracle data_integrator 12.2.1.3.0
oracle data_integrator 12.2.1.4.0
oracle e-business_suite 12.2
oracle enterprise_manager_base_platform 13.4.0.0
oracle enterprise_manager_base_platform 13.5.0.0
oracle enterprise_manager_for_peoplesoft 13.4.1.1
oracle enterprise_manager_for_peoplesoft 13.5.1.1
oracle enterprise_manager_ops_center 12.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_model_management_and_governance 8.0.8.0.0
oracle financial_services_model_management_and_governance 8.1.0.0.0
oracle financial_services_model_management_and_governance 8.1.1.0.0
oracle flexcube_universal_banking *
oracle flexcube_universal_banking *
oracle flexcube_universal_banking 11.83.3
oracle flexcube_universal_banking 14.5
oracle health_sciences_empirica_signal 9.1.0.6
oracle health_sciences_empirica_signal 9.2.0.0
oracle health_sciences_inform 6.2.1.1
oracle health_sciences_inform 6.3.2.1
oracle health_sciences_inform 7.0.0.0
oracle health_sciences_information_manager *
oracle healthcare_data_repository 8.1.1
oracle healthcare_foundation *
oracle healthcare_master_person_index 5.0.1
oracle healthcare_translational_research 4.1.0
oracle healthcare_translational_research 4.1.1
oracle hospitality_suite8 8.13.0
oracle hospitality_suite8 8.14.0
oracle hospitality_token_proxy_service 19.2
oracle hyperion_bi\+ *
oracle hyperion_data_relationship_management *
oracle hyperion_infrastructure_technology *
oracle hyperion_planning *
oracle hyperion_profitability_and_cost_management *
oracle hyperion_tax_provision *
oracle identity_management_suite 12.2.1.3.0
oracle identity_management_suite 12.2.1.4.0
oracle identity_manager_connector 9.1.0
oracle instantis_enterprisetrack 17.1
oracle instantis_enterprisetrack 17.2
oracle instantis_enterprisetrack 17.3
oracle insurance_data_gateway 1.0.1
oracle insurance_insbridge_rating_and_underwriting *
oracle insurance_insbridge_rating_and_underwriting 5.2.0
oracle insurance_insbridge_rating_and_underwriting 5.6.1.0
oracle jdeveloper 12.2.1.4.0
oracle managed_file_transfer 12.2.1.3.0
oracle managed_file_transfer 12.2.1.4.0
oracle management_cloud_engine 1.5.0
oracle mysql_enterprise_monitor *
oracle payment_interface 19.1
oracle payment_interface 20.3
oracle peoplesoft_enterprise_peopletools 8.58
oracle peoplesoft_enterprise_peopletools 8.59
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 21.12.0
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management *
oracle primavera_p6_enterprise_project_portfolio_management 21.12.0.0
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle primavera_unifier 21.12
oracle retail_back_office 14.1
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0.2
oracle retail_customer_insights 16.0.2
oracle retail_data_extractor_for_merchandising 15.0.2
oracle retail_data_extractor_for_merchandising 16.0.2
oracle retail_eftlink 16.0.3
oracle retail_eftlink 17.0.2
oracle retail_eftlink 18.0.1
oracle retail_eftlink 19.0.1
oracle retail_eftlink 20.0.1
oracle retail_eftlink 21.0.0
oracle retail_financial_integration *
oracle retail_financial_integration 14.1.3.2
oracle retail_financial_integration 15.0.3.1
oracle retail_financial_integration 19.0.0
oracle retail_financial_integration 19.0.1
oracle retail_integration_bus *
oracle retail_integration_bus *
oracle retail_integration_bus 14.1.3
oracle retail_integration_bus 14.1.3.2
oracle retail_integration_bus 15.0.3.1
oracle retail_integration_bus 19.0.0
oracle retail_integration_bus 19.0.1
oracle retail_invoice_matching 15.0.3
oracle retail_invoice_matching 16.0.3
oracle retail_merchandising_system 16.0.3
oracle retail_merchandising_system 19.0.1
oracle retail_order_broker 16.0
oracle retail_order_broker 18.0
oracle retail_order_broker 19.1
oracle retail_order_management_system 19.5
oracle retail_point-of-service 14.1
oracle retail_predictive_application_server 14.1.3.46
oracle retail_predictive_application_server 15.0.3.115
oracle retail_predictive_application_server 16.0.3.240
oracle retail_price_management 13.2
oracle retail_price_management 14.0.4
oracle retail_price_management 14.1.3.0
oracle retail_price_management 15.0.3.0
oracle retail_price_management 16.0.3.0
oracle retail_returns_management 14.1
oracle retail_service_backbone *
oracle retail_service_backbone 14.1.3
oracle retail_service_backbone 14.1.3.2
oracle retail_service_backbone 15.0.3.1
oracle retail_service_backbone 19.0.0
oracle retail_service_backbone 19.0.1
oracle retail_service_backbone 19.0.1.0
oracle retail_store_inventory_management 14.0.4.13
oracle retail_store_inventory_management 14.1.3.5
oracle retail_store_inventory_management 14.1.3.14
oracle retail_store_inventory_management 15.0.3.3
oracle retail_store_inventory_management 15.0.3.8
oracle retail_store_inventory_management 16.0.3.7
oracle siebel_ui_framework *
oracle sql_developer *
oracle taleo_platform *
oracle utilities_framework *
oracle utilities_framework 4.4.0.0.0
oracle utilities_framework 4.4.0.2.0
oracle utilities_framework 4.4.0.3.0
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle webcenter_sites 12.2.1.3.0
oracle webcenter_sites 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0
oracle weblogic_server 14.1.1.0.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "42BCB94E-86D2-4B98-B9E6-5789F2272692",
              "versionEndExcluding": "2.3.1",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19DA22A8-0B29-4181-B44E-57D28D9DB331",
              "versionEndExcluding": "2.12.3",
              "versionStartIncluding": "2.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:log4j:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "61E2AC03-D49B-4A15-BDA4-61DAF142CEED",
              "versionEndIncluding": "2.16.0",
              "versionStartIncluding": "2.13.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "197D0D80-6702-4B61-B681-AFDBA7D69067",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sonicwall:email_security:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "421BCD43-8ECC-4B1E-9F3E-C20BB2BC672A",
              "versionEndIncluding": "10.0.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:on-premises:*:*:*",
              "matchCriteriaId": "1EA49667-8F94-4091-B9A9-A94318D83C24",
              "versionEndExcluding": "3.0",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:network_security_manager:*:*:*:*:saas:*:*:*",
              "matchCriteriaId": "7C1B257C-9442-4C73-91CB-67893A78F0DF",
              "versionEndExcluding": "3.0",
              "versionStartIncluding": "2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sonicwall:web_application_firewall:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD1E667A-9CAA-4382-957A-E4F1A4960E0C",
              "versionEndExcluding": "3.1.0",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa12-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B407FBDB-7900-4F69-B745-809277F26050",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa12-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AF56AD-FBAF-4AB8-B04D-1E28BF10B767",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa22-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E3103225-6440-43F4-9493-131878735B2A",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa22-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B3A0115-86AB-4677-A026-D99B971D9EF5",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa32-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "914A44DE-C4AA-45A0-AC26-5FAAF576130E",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa32-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D1C62CF-414A-4670-9F19-C11A381DB830",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa42-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "75359CC5-58A7-4B5A-B9BF-BDE59552EF1C",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa42-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "706A3F00-8489-4735-B09B-34528F7C556A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:sonicwall:6bk1602-0aa52-0tp0_firmware:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C23D02B7-C9A7-4ED9-AE71-765F01ACA55C",
              "versionEndExcluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:h:sonicwall:6bk1602-0aa52-0tp0:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9DCB171-E4C8-4472-8023-20992ABB9348",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm_mcad_connector:3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0C0714E-4255-4095-B26C-70EB193B8F98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_deposits_and_lines_of_credit_servicing:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F834ACC-D65B-4CA3-91F1-415CBC6077E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "473749BD-267E-480F-8E7F-C762702DB66E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_loans_servicing:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5E502A46-BAF4-4558-BC8F-9F014A2FB26A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_party_management:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C542DC5E-6657-4178-9C69-46FD3C187D56",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_payments:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "633E5B20-A7A7-4346-A71D-58121B006D00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "64750C01-21AC-4947-B674-6690EAAAC5DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C3D0063-9458-4018-9B92-79A219716C10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_intelligence:5.5.0.0.0:*:*:*:enterprise:*:*:*",
              "matchCriteriaId": "D40AD626-B23A-44A3-A6C0-1FFB4D647AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_asap:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "3141B86F-838D-491A-A8ED-3B7C54EA89C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B465F237-0271-4389-8035-89C07A52350D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "123CB9B5-C800-47FD-BD0C-BE44198E97E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_console:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DAAB7154-4DE8-4806-86D0-C1D33B84417B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2A5B24D-BDF2-423C-98EA-A40778C01A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F60E32F-0CA0-4C2D-9848-CB92765A9ACB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_repository_function:1.15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF616620-88CE-4A77-B904-C1728A2E6F9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_network_slice_selection_function:1.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3AA09838-BF13-46AC-BB97-A69F48B73A8A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4367D9B-BF81-47AD-A840-AC46317C774D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_security_edge_protection_proxy:1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD4349FE-EEF8-489A-8ABF-5FCD55EC6DE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_service_communication_proxy:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "175B97A7-0B00-4378-AD9F-C01B6D9FD570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EAA723-2A23-4151-930B-86ACF9CC1C0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DF939F5-C0E1-40A4-95A2-0CE7A03AB4EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergence:3.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEC452FA-D1D5-4175-9371-F6055818192E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0172500D-DE51-44E0-91E8-C8F36617C1F8",
              "versionEndIncluding": "12.0.4.0.0",
              "versionStartIncluding": "12.0.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E99E7D49-AE53-4D16-AB24-EBEAAD084289",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9550113-7423-48D8-A1C7-95D6AEE9B33C",
              "versionEndIncluding": "8.5.1.0",
              "versionStartIncluding": "8.3.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_element_management_system:46.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FDD479D-9070-42E2-A8B1-9497BC4C0CF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_ftp_table_base_retrieval:4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C68536CA-C7E2-4228-A6B8-F0DB6A9D29EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "02712DD6-D944-4452-8015-000B9851D257",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26940103-F37C-4FBD-BDFD-528A497209D6",
              "versionEndIncluding": "12.0.4.0.0",
              "versionStartIncluding": "12.0.1.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:10.4.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "00E9A2B1-7562-4E6B-AE25-1B647F24EFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "53600579-4542-4D80-A93C-3E45938C749D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_service_broker:6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6235EAE-47DD-4292-9941-6FF8D0A83843",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "274BCA96-2E6A-4B77-B69E-E2093A668D28",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D4B738B-08CF-44F6-A939-39F5BEAF03B2",
              "versionEndExcluding": "9.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E43D793A-7756-4D58-A8ED-72DC4EC9CEA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_user_data_repository:12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FAF2403-99A1-4DBC-BAC4-35D883D8E5D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4AA6214-A85D-4BF4-ABBF-0E4F8B7DA817",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_webrtc_session_controller:7.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1F05AF4B-A747-4314-95AE-F8495479AB3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:e-business_suite:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B3C968F-4038-4A8D-A345-8CD3F73A653B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "615C7D0D-A9D5-43BA-AF61-373EC1095354",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_peoplesoft:13.5.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F772DC1-F93E-43A4-81DA-A2A1E204C5D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C",
              "versionEndIncluding": "8.1.1",
              "versionStartIncluding": "8.0.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.0.8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F033C6C8-61D9-41ED-94E6-63BE7BA22EFC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B829B72-7DE0-415F-A1AF-51637F134B76",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:8.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF8DC5FD-09DE-446F-879B-DB86C0CC95B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0148D20-089E-4C19-8CA3-07598D8AFBF1",
              "versionEndIncluding": "12.4",
              "versionStartIncluding": "12.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "54BE0CCE-8216-4CCF-96E1-38EF76124368",
              "versionEndIncluding": "14.3.0",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:11.83.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0017AE8C-DBCA-46B4-A036-DF0E289199D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_universal_banking:14.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "609645BF-B34F-40AC-B9C9-C3FB870F4ED2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.1.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "67013CB6-5FA6-438B-A131-5AEDEBC66723",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC5F6E6-3515-439B-9665-3B6151CEF577",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_inform:6.2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB4F0E6-3B36-4736-B2F2-CB2A16309F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_inform:6.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E72CF27-6E5F-404E-B5DF-B470C99AF5E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_inform:7.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51BCEC65-25B7-480C-860C-9D97F78CCE3F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16AEA21E-0B11-44A5-8BFB-550521D8E0D5",
              "versionEndIncluding": "3.0.4",
              "versionStartIncluding": "3.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA92E70A-2249-4144-B0B8-35501159ADB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F69F8F6-BA2D-4DC6-BAB2-B9155F8B45CD",
              "versionEndIncluding": "7.3.0.4",
              "versionStartIncluding": "7.3.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:5.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10774601-93C3-4938-A3E7-3C3D97A6F73C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "523391D8-CB84-4EBD-B337-6A99F52E537F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A3C700-710A-4A0A-A2D4-ABB7AAC9B128",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD7E9060-BA5B-4682-AC0D-EE5105AD0332",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_token_proxy_service:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7D45E2D-241B-4839-B255-A81107BF94BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_bi\\+:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C083F1E-8BF2-48C7-92FB-BD105905258E",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_data_relationship_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8E7FBA9-0FFF-4C86-B151-28C17A142E0B",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "55BBCD48-BCC6-4E19-A4CE-970E524B9FF4",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_planning:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C3E11E28-78AA-42BB-927D-D22CBDDD62B9",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_profitability_and_cost_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "30927787-2815-4BEF-A7C2-960F92238303",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hyperion_tax_provision:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C0ABD2DC-9357-4097-BE62-BB7A4988A01F",
              "versionEndExcluding": "11.2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1489DDA7-EDBE-404C-B48D-F0B52B741708",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "535BC19C-21A1-48E3-8CC0-B276BA5D494E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager_connector:9.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8508EF23-43DC-431F-B410-FD0BA897C371",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_data_gateway:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B85A426-5714-4CEA-8A97-720F882B2D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "604FBBC9-04DC-49D2-AB7A-6124256431AF",
              "versionEndIncluding": "5.6.0.0",
              "versionStartIncluding": "5.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "428D2B1D-CFFD-49D1-BC05-2D85D22004DE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.6.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B8AA91A-1880-43CD-938D-48EF58ACF2CF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:management_cloud_engine:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F66C747-733F-46A1-9A6B-EEB1A1AEC45D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0EBAC6D-D0CE-42A1-AEA0-2D50C8035747",
              "versionEndIncluding": "8.0.29",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:payment_interface:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D01A0EC-3846-4A74-A174-3797078DC699",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:payment_interface:20.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "03E5FCFB-093A-48E9-8A4E-34C993D2764E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A621A5AE-6974-4BA5-B1AC-7130A46F68F5",
              "versionEndIncluding": "18.8.13",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4096281D-2EBA-490D-8180-3C9D05EB890A",
              "versionEndIncluding": "19.12.12",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
              "versionEndIncluding": "20.12.7",
              "versionStartIncluding": "20.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:21.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "15F45363-236B-4040-8AE4-C6C0E204EDBA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD0DEC50-F4CD-4ACA-A118-D4F0D4F4C981",
              "versionEndIncluding": "19.12.18.0",
              "versionStartIncluding": "19.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "651104CE-0569-4E6D-ACAB-AD2AC85084DD",
              "versionEndIncluding": "20.12.12.0",
              "versionStartIncluding": "20.12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:21.12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "45D89239-9142-46BD-846D-76A5A74A67B1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3D1C35DF-D30D-42C8-B56D-C809609AB2A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "834B4CE7-042E-489F-AE19-0EEA2C37E7A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82653579-FF7D-4492-9CA2-B3DF6A708831",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_data_extractor_for_merchandising:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D2EB48-F9A2-4D23-81C5-4B30F2D785DF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3796186-D3A7-4259-846B-165AD9CEB7F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:17.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEDA5540-692D-47DA-9F68-83158D9AE628",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:18.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5435583-C454-4AC9-8A35-D2D30EB252EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2140357-503A-4D2A-A099-CFA4DC649E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BAE5686-8E11-4EF1-BC7E-5C565F2440C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_eftlink:21.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4B95628-F108-424A-8C19-40A5F5B7D37B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E03B340-8C77-4DFA-8536-C57656E237D0",
              "versionEndIncluding": "16.0.3",
              "versionStartIncluding": "16.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B7B0B33-2361-4CF5-8075-F609858A582E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A921C710-1C59-429F-B985-67C0DBFD695E",
              "versionEndIncluding": "16.0.3",
              "versionStartIncluding": "16.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B9E458AF-0EEC-453E-AA9D-6C79211000AC",
              "versionEndIncluding": "19.0.1.0",
              "versionStartIncluding": "19.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFDF4CB0-4680-449A-8576-915721D59500",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0472632-4104-4397-B619-C4E86A748465",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48E25E7C-F7E8-4739-8251-00ACD11C12FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "99B5DC78-1C24-4F2B-A254-D833FAF47013",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.46:*:*:*:*:*:*:*",
              "matchCriteriaId": "9002379B-4FDA-44F3-98EB-0C9B6083E429",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.115:*:*:*:*:*:*:*",
              "matchCriteriaId": "476B038D-7F60-482D-87AD-B58BEA35558E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.240:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB86C644-7B79-4F87-A06D-C178E8C2B8B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C19C5CC9-544A-4E4D-8F0A-579BB5270F07",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E1A9B0C-735A-40B4-901C-663CF5162E96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0791694C-9B4E-42EA-8F6C-899B43B6D769",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "312992F0-E65A-4E38-A44C-363A7E157CE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1940FD6-39FA-4F92-9625-F215D8051E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0CE45891-A6A5-4699-90A6-6F49E60A7987",
              "versionEndIncluding": "16.0.3",
              "versionStartIncluding": "16.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7FCC976-615C-4DE5-9F50-1B25E9553962",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D14A54A-4B04-41DE-B731-844D8AC3BE23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D57F5CB-E566-450F-B7D7-DD771F7C746C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.0.4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "88458537-6DE8-4D79-BC71-9D08883AD0C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E310654-0793-41CC-B049-C754AC31D016",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1.3.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C5B22C6-97AF-4D1B-84C9-987C6F62C401",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFD9AAE5-9472-49C6-B054-DB76BEB86D35",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A104FDBD-0B28-44EE-91A0-A0C8939865A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2D60A4D-BB4F-4177-AFA8-A8DC8C111FB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F",
              "versionEndIncluding": "21.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sql_developer:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C470BAD-F7E2-4802-B1BE-E71EBB073DA1",
              "versionEndExcluding": "21.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:taleo_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E1A18FB-85E6-4C5D-8F8A-12F86EDC6A2D",
              "versionEndExcluding": "22.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
              "versionEndIncluding": "4.3.0.6.0",
              "versionStartIncluding": "4.3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D551CAB1-4312-44AA-BDA8-A030817E153A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "174A6D2E-E42E-4C92-A194-C6A820CD7EF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
    },
    {
      "lang": "es",
      "value": "Apache Log4j2 versiones 2.0-alpha1 hasta 2.16.0 (excluyendo las versiones 2.12.3 y 2.3.1) no proteg\u00edan de la recursi\u00f3n no controlada de las b\u00fasquedas autorreferenciales. Esto permite a un atacante con control sobre los datos de Thread Context Map causar una denegaci\u00f3n de servicio cuando es interpretada una cadena dise\u00f1ada. Este problema se ha corregido en Log4j versiones 2.17.0, 2.12.3 y 2.3.1"
    }
  ],
  "id": "CVE-2021-45105",
  "lastModified": "2024-11-21T06:31:58.170",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-12-18T12:15:07.433",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://logging.apache.org/log4j/2.x/security.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5024"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/930724"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://logging.apache.org/log4j/2.x/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2021/dsa-5024"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.kb.cert.org/vuls/id/930724"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ],
      "source": "security@apache.org",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        },
        {
          "lang": "en",
          "value": "CWE-674"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-31 05:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2664Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2664Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle global_lifecycle_management_opatch *
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E281E-977E-4195-B131-B7C7A2933B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionado con org.apache.activemq.* (tambi\u00e9n se conoce como activemq-jms, activemq-core, activemq-pool, y activemq-pool-jms)."
    }
  ],
  "id": "CVE-2020-11111",
  "lastModified": "2024-11-21T04:56:48.703",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-31T05:15:13.007",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2664"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2664"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-17 19:15
Modified
2024-11-21 05:34
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.
References
security@pivotal.iohttps://pivotal.io/security/cve-2020-5397Exploit, Vendor Advisory
security@pivotal.iohttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpujul2022.html
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
security@pivotal.iohttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2020-5397Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.html
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
oracle application_testing_suite 13.3.0.1
oracle communications_brm_-_elastic_charging_engine 11.3
oracle communications_brm_-_elastic_charging_engine 12.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager 8.1.1
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.2.1
oracle communications_policy_management 12.5.0
oracle communications_session_route_manager 8.1.1
oracle communications_session_route_manager 8.2.0
oracle communications_session_route_manager 8.2.1
oracle enterprise_manager_base_platform 13.2.1.0
oracle financial_services_regulatory_reporting_with_agilereporter 8.0.9.2.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle healthcare_master_person_index 4.0.2
oracle insurance_calculation_engine *
oracle insurance_policy_administration_j2ee 10.2.0
oracle insurance_policy_administration_j2ee 10.2.4
oracle insurance_policy_administration_j2ee 11.0.2
oracle insurance_policy_administration_j2ee 11.1.0
oracle insurance_policy_administration_j2ee 11.2.0
oracle insurance_rules_palette 10.2.0
oracle insurance_rules_palette 10.2.4
oracle insurance_rules_palette 11.0.2
oracle insurance_rules_palette 11.1.0
oracle insurance_rules_palette 11.2.0
oracle mysql_enterprise_monitor *
oracle mysql_enterprise_monitor *
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle retail_assortment_planning 15.0
oracle retail_assortment_planning 16.0
oracle retail_back_office 14.1
oracle retail_central_office 14.1
oracle retail_financial_integration 15.0
oracle retail_financial_integration 16.0
oracle retail_integration_bus 15.0.3
oracle retail_integration_bus 16.0.3
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_point-of-service 14.1
oracle retail_predictive_application_server 14.0.3
oracle retail_predictive_application_server 14.1.3
oracle retail_predictive_application_server 15.0.3.0
oracle retail_predictive_application_server 16.0.3.0
oracle retail_returns_management 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BC92F79-CBF6-4627-853B-DB9C61061F38",
              "versionEndExcluding": "5.2.3",
              "versionStartIncluding": "5.2.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "512E0604-4D40-49CE-8142-89379A226913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5726AE4-4F63-4793-8948-0546DAA2D50D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "66916DEB-ACE1-44E0-9535-10B3E03347AC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_regulatory_reporting_with_agilereporter:8.0.9.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9C146BA-6F4F-4A6F-8E53-8A4F5B8E15D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CC97EF4-DAB5-4A4C-B5DF-5AD2BF87DDB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4207-DB46-42D6-A8C9-1BE857483B88",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "991B23C1-83FA-40B1-AF0A-9A7B10A9EDA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D56B4193-4DB7-4BD9-85FF-8665601E6D4F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D8FE6-2BB4-4FF6-8B42-2D47F6FBFDFA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7116EED-13F0-41A6-93D4-DBBDBD984423",
              "versionEndIncluding": "4.0.12",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "73573516-EDA0-4176-A3ED-2F7006C87F8E",
              "versionEndIncluding": "8.0.20",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA800332-C6B9-4F05-9FB0-72C1040AAFD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "118E48CE-8603-442B-B9C9-E30A41E4D974",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6D325A0-3441-41AC-B00F-F2A7F85370A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "924AFE2D-D1BB-4026-9C12-BA379F8C5BEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack."
    },
    {
      "lang": "es",
      "value": "Spring Framework, versiones 5.2.x anteriores a 5.2.3 son vulnerables a los ataques de tipo CSRF por medio de peticiones de verificaci\u00f3n previa CORS que van dirigidas a los endpoints Spring MVC (m\u00f3dulo spring-webmvc) o Spring WebFlux (m\u00f3dulo spring-webflux). Solo los endpoints no autenticados son vulnerables porque las peticiones de verificaci\u00f3n previa no deben incluir credenciales y, por lo tanto, las peticiones deben de presentar un fallo en la autenticaci\u00f3n. Sin embargo, una excepci\u00f3n notable para esto son los navegadores basados en Chrome cuando se usan certificados de cliente para la autenticaci\u00f3n, ya que Chrome env\u00eda certificados de cliente TLS en peticiones de verificaci\u00f3n previa CORS en violaci\u00f3n de los requerimientos de las especificaciones. Ning\u00fan cuerpo de HTTP puede ser enviado o recibido como un resultado de este ataque."
    }
  ],
  "id": "CVE-2020-5397",
  "lastModified": "2024-11-21T05:34:03.850",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.6,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "security@pivotal.io",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-17T19:15:14.727",
  "references": [
    {
      "source": "security@pivotal.io",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2020-5397"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@pivotal.io",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "security@pivotal.io",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2020-5397"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "security@pivotal.io",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "security@pivotal.io",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2021-01-06 23:15
Modified
2024-11-21 05:28
Severity ?
8.1 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
References
cve@mitre.orghttps://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062Exploit, Technical Description, Third Party Advisory
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2996Issue Tracking, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20210205-0005/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062Exploit, Technical Description, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2996Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20210205-0005/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
netapp cloud_backup -
netapp service_level_manager -
debian debian_linux 9.0
oracle agile_plm 9.3.6
oracle application_testing_suite 13.3.0.1
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_platform 2.6.2
oracle banking_platform 2.7.0
oracle banking_platform 2.7.1
oracle banking_platform 2.8.0
oracle banking_platform 2.9.0
oracle banking_platform 2.10.0
oracle banking_treasury_management 14.4
oracle banking_virtual_account_management 14.2.0
oracle banking_virtual_account_management 14.3.0
oracle banking_virtual_account_management 14.5.0
oracle blockchain_platform *
oracle commerce_platform *
oracle commerce_platform 11.2.0
oracle communications_billing_and_revenue_management 7.5.0.23.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_cloud_native_core_policy 1.14.0
oracle communications_cloud_native_core_unified_data_repository 1.4.0
oracle communications_convergent_charging_controller 12.0.4.0.0
oracle communications_diameter_signaling_router *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.5.0
oracle communications_interactive_session_recorder 6.3
oracle communications_interactive_session_recorder 6.4
oracle communications_messaging_server 8.0.2
oracle communications_messaging_server 8.1
oracle communications_network_charging_and_control 12.0.4.0.0
oracle communications_offline_mediation_controller 12.0.0.3
oracle communications_pricing_design_center 12.0.0.4.0
oracle communications_services_gatekeeper 7.0
oracle communications_session_route_manager *
oracle communications_unified_inventory_management 7.4.1
oracle documaker 12.6.3
oracle documaker 12.6.4
oracle goldengate_application_adapters 19.1.0.0.0
oracle insurance_policy_administration *
oracle insurance_policy_administration 11.0.2
oracle insurance_rules_palette *
oracle insurance_rules_palette 11.0.2
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway *
oracle primavera_gateway 20.12.0
oracle primavera_unifier *
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle primavera_unifier 20.12
oracle retail_customer_management_and_segmentation_foundation *
oracle retail_merchandising_system 15.0.3
oracle retail_service_backbone 14.1.3.2
oracle retail_service_backbone 15.0.3.1
oracle retail_service_backbone 16.0.3
oracle retail_xstore_point_of_service 16.0.6
oracle retail_xstore_point_of_service 17.0.4
oracle retail_xstore_point_of_service 18.0.3
oracle retail_xstore_point_of_service 19.0.2
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4892ABAA-57A0-43D3-965C-2D7F4A8A6024",
              "versionEndExcluding": "2.6.7.5",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9CC9C2-396F-408E-B0C4-D02D6D5BBEB8",
              "versionEndExcluding": "2.9.10.8",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "282150FF-C945-4A3E-8A80-E8757A8907EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBCE22C0-4253-40A5-89AE-499A3BC9EFF3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3C5C28ED-C5AA-40B9-9B26-6A91D20B3E1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_treasury_management:14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB612B4A-27C4-491E-AABD-6CAADE2E249E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D1534C11-E3F5-49F3-8F8D-7C5C90951E69",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D952E04D-DE2D-4AE0-BFE6-7D9B7E55AC80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_virtual_account_management:14.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1111BCFD-E336-4B31-A87E-76C684AC6DE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:blockchain_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A50522C-E7AC-4F6F-A340-CF6173FA4D4E",
              "versionEndIncluding": "21.1.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F012E976-E219-46C2-8177-60ED859594BE",
              "versionEndIncluding": "11.3.2",
              "versionStartIncluding": "11.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:commerce_platform:11.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21BEF2FC-89B8-4D97-BB3A-C1ECA19D03B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5.0.23.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "790A89FD-6B86-49AE-9B4F-AE7262915E13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_policy:1.14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4479F76A-4B67-41CC-98C7-C76B81050F8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_cloud_native_core_unified_data_repository:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB1BC31C-6016-42A8-9517-2FBBC92620CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:12.0.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4012B512-DB7D-476A-93A6-51054DD6E3D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4A94B36-479F-48F2-9B9E-ACEA2589EF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "46E23F2E-6733-45AF-9BD9-1A600BD278C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_interactive_session_recorder:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "E812639B-EE28-4C68-9F6F-70C8BF981C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1EC0B11B-9AC4-493B-9158-C6378AE71AD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_messaging_server:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E1214FDF-357A-4BB9-BADE-50FB2BD16D10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "28AD22B9-A037-419C-8D72-8B062E6882FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A23B00C1-878A-4B55-B87B-EFFFA6A5E622",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A28F42F0-FBDA-4574-AD30-7A04F27FEA3E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F5D870C4-FB9C-406C-9C6F-344670B0B000",
              "versionEndIncluding": "8.2.2.1",
              "versionStartIncluding": "8.2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7637F8B-15F1-42E2-BE18-E1FF7C66587D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:documaker:12.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "34019365-E6E3-4DBC-89EA-5783A29B61B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:documaker:12.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A1427F8-50F3-45B2-8836-A80ADA70F431",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DDB3D8B-1D04-4345-BB27-723186719CBD",
              "versionEndIncluding": "11.3.0",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5DEAB5CD-4223-4A43-AB9E-486113827A6C",
              "versionEndIncluding": "11.3.0",
              "versionStartIncluding": "11.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0A366B8-1B5C-4C9E-A761-1AB1547D7404",
              "versionEndExcluding": "9.2.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E561CFF-BB8A-4CFD-916D-4410A9265922",
              "versionEndIncluding": "9.2.5.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
              "versionEndIncluding": "17.12.11",
              "versionStartIncluding": "17.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "53E2276C-9515-46F6-A621-213A3047B9A6",
              "versionEndIncluding": "18.8.11",
              "versionStartIncluding": "18.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54",
              "versionEndIncluding": "19.12.10",
              "versionStartIncluding": "19.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:20.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A932C79-8646-4023-9C12-9C7A2A6840EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B92BB355-DB00-438E-84E5-8EC007009576",
              "versionEndIncluding": "19.0",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7C9BB48-50B2-4735-9E2F-E492C708C36D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.8 maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionada con com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource"
    }
  ],
  "id": "CVE-2020-36189",
  "lastModified": "2024-11-21T05:28:58.240",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-01-06T23:15:13.280",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Technical Description",
        "Third Party Advisory"
      ],
      "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-08-21 21:15
Modified
2024-11-21 05:39
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
References
security-officer@isc.orghttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.htmlMailing List, Third Party Advisory
security-officer@isc.orghttp://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.htmlMailing List, Third Party Advisory
security-officer@isc.orghttps://kb.isc.org/docs/cve-2020-8622Vendor Advisory
security-officer@isc.orghttps://lists.debian.org/debian-lts-announce/2020/08/msg00053.htmlMailing List, Third Party Advisory
security-officer@isc.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/
security-officer@isc.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/
security-officer@isc.orghttps://security.gentoo.org/glsa/202008-19Third Party Advisory
security-officer@isc.orghttps://security.netapp.com/advisory/ntap-20200827-0003/Third Party Advisory
security-officer@isc.orghttps://usn.ubuntu.com/4468-1/Third Party Advisory
security-officer@isc.orghttps://usn.ubuntu.com/4468-2/Third Party Advisory
security-officer@isc.orghttps://www.debian.org/security/2020/dsa-4752Third Party Advisory
security-officer@isc.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security-officer@isc.orghttps://www.synology.com/security/advisory/Synology_SA_20_19Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://kb.isc.org/docs/cve-2020-8622Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/08/msg00053.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202008-19Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200827-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4468-1/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4468-2/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4752Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.synology.com/security/advisory/Synology_SA_20_19Third Party Advisory
Impacted products
Vendor Product Version
isc bind *
isc bind *
isc bind *
isc bind 9.9.3
isc bind 9.11.21
fedoraproject fedora 31
fedoraproject fedora 32
debian debian_linux 9.0
debian debian_linux 10.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
netapp steelstore_cloud_integrated_storage -
opensuse leap 15.1
opensuse leap 15.2
synology dns_server *
oracle communications_diameter_signaling_router *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "64A2E4C5-29AE-424C-8C9D-FDA1025E6056",
              "versionEndIncluding": "9.11.21",
              "versionStartIncluding": "9.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4777406-0B07-4C03-A919-4627C6E09286",
              "versionEndIncluding": "9.16.5",
              "versionStartIncluding": "9.12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "85031A21-4F54-4CE6-B0F3-66D09928FF3C",
              "versionEndIncluding": "9.17.3",
              "versionStartIncluding": "9.17.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:isc:bind:9.9.3:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "40EE014B-0CD8-45F3-BEDB-AE6368A78B04",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:isc:bind:9.11.21:s1:*:*:supported_preview:*:*:*",
              "matchCriteriaId": "5CC1F26C-4757-4C87-BD8B-2FA456A88C6F",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*",
              "matchCriteriaId": "CB66DB75-2B16-4EBF-9B93-CE49D8086E41",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "815D70A8-47D3-459C-A32C-9FEACA0659D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
              "matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "23A7C53F-B80F-4E6A-AFA9-58EEA84BE11D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:lts:*:*:*",
              "matchCriteriaId": "902B8056-9E37-443B-8905-8AA93E2447FB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B009C22E-30A4-4288-BCF6-C3E81DEAF45A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:synology:dns_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD9665DE-362F-4FB4-A49C-8D5E8253C878",
              "versionEndExcluding": "2.2.2-5028",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In BIND 9.0.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit."
    },
    {
      "lang": "es",
      "value": "En BIND versiones 9.0.0 -) 9.11.21, 9.12.0 -) 9.16.5, 9.17.0 -) 9.17.3, tambi\u00e9n afecta a versiones 9.9.3-S1 -) 9.11.21-S1 de BIND 9 Supported Preview Edition, un atacante sobre la ruta de la red para una petici\u00f3n firmada por TSIG, u operando el servidor que recibe la petici\u00f3n firmada por TSIG, podr\u00eda enviar una respuesta truncada a esa petici\u00f3n, desencadenando un fallo de aserci\u00f3n y causando que el servidor salga. Alternativamente, un atacante fuera de la ruta tendr\u00eda que adivinar correctamente cu\u00e1ndo fue enviada una petici\u00f3n firmada por TSIG, junto con otras caracter\u00edsticas del paquete y mensaje, y falsificar una respuesta truncada para desencadenar un fallo de aserci\u00f3n, causando la salida del servidor."
    }
  ],
  "id": "CVE-2020-8622",
  "lastModified": "2024-11-21T05:39:08.607",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "security-officer@isc.org",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-08-21T21:15:12.247",
  "references": [
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/cve-2020-8622"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
    },
    {
      "source": "security-officer@isc.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
    },
    {
      "source": "security-officer@isc.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-19"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4468-1/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4468-2/"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4752"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security-officer@isc.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://kb.isc.org/docs/cve-2020-8622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202008-19"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4468-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4468-2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4752"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
    }
  ],
  "sourceIdentifier": "security-officer@isc.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-617"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-31 05:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2670Patch, Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2670Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8EE84-A840-4132-B331-C7D450B1FBBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F058FDA-04BC-4F32-830D-206983770692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionado con org.apache.openjpa.ee.WASRegistryManagedRuntime (tambi\u00e9n se conoce como openjpa)."
    }
  ],
  "id": "CVE-2020-11113",
  "lastModified": "2024-11-21T04:56:49.317",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-31T05:15:13.117",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-06 13:29
Modified
2024-11-21 03:59
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/103696Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
security_alert@emc.comhttps://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E
security_alert@emc.comhttps://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
security_alert@emc.comhttps://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlMailing List, Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1270Vendor Advisory
security_alert@emc.comhttps://www.exploit-db.com/exploits/44796/Broken Link, Third Party Advisory, VDB Entry
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103696Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1270Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/44796/Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle big_data_discovery 1.6.0
oracle communications_converged_application_server *
oracle communications_diameter_signaling_router *
oracle communications_performance_intelligence_center *
oracle communications_services_gatekeeper *
oracle enterprise_manager_ops_center 12.2.2
oracle enterprise_manager_ops_center 12.3.3
oracle goldengate_for_big_data 12.2.0.1
oracle goldengate_for_big_data 12.3.1.1
oracle goldengate_for_big_data 12.3.2.1
oracle health_sciences_information_manager 3.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0
oracle insurance_calculation_engine 10.1.1
oracle insurance_calculation_engine 10.2
oracle insurance_calculation_engine 10.2.1
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.1
oracle insurance_rules_palette 10.2
oracle insurance_rules_palette 11.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle retail_back_office 14.0
oracle retail_back_office 14.1
oracle retail_central_office 14.0
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_integration_bus 14.0.1
oracle retail_integration_bus 14.0.2
oracle retail_integration_bus 14.0.3
oracle retail_integration_bus 14.0.4
oracle retail_integration_bus 14.1.1
oracle retail_integration_bus 14.1.2
oracle retail_integration_bus 14.1.3
oracle retail_integration_bus 15.0.0.1
oracle retail_integration_bus 15.0.1
oracle retail_integration_bus 15.0.2
oracle retail_integration_bus 16.0
oracle retail_integration_bus 16.0.1
oracle retail_integration_bus 16.0.2
oracle retail_open_commerce_platform 5.3.0
oracle retail_open_commerce_platform 6.0.0
oracle retail_open_commerce_platform 6.0.1
oracle retail_order_broker 5.1
oracle retail_order_broker 5.2
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_point-of-sale 14.0
oracle retail_point-of-sale 14.1
oracle retail_predictive_application_server 14.0
oracle retail_predictive_application_server 14.1
oracle retail_predictive_application_server 15.0
oracle retail_predictive_application_server 16.0
oracle retail_returns_management 14.0
oracle retail_returns_management 14.1
oracle retail_xstore_point_of_service 7.1
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle tape_library_acsls 8.4
redhat fuse 1.0.0
debian debian_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAB91230-5337-4373-BEB1-A84CF1CB2019",
              "versionEndExcluding": "4.3.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2CC334-AFF8-41D4-9FBD-88C8FF9DA406",
              "versionEndExcluding": "5.0.5",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
              "versionEndExcluding": "7.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22847CAE-3C2C-4C2E-9D2E-47DB4091442E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5A9AB-3DE0-4496-82E5-A2DB5CFDAA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E484D25-1753-42A1-9658-8E9CCE8E3568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEAFF40-B0C7-4B05-A655-B3F93055FBCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF4C859-616D-44F9-BE76-589A4E6E8BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8CE753D-A090-47DE-8EF0-8FDE07576E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BAFB538-A395-4C4D-83F7-CD453C0DFB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0CA26F-41D3-433F-9C17-1A4F5066F184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27C4D75-3927-4D07-BE16-4204F641A453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A6CF77-09DF-43FD-833A-8DAAE016717A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07630491-0624-4C5C-A858-C5D3CDCD1B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9CA11F-F718-43E5-ADB9-6C348C75E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "632E9828-907F-4F2C-81D5-A74A6DDA2748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "274999E6-18ED-46F0-8CF2-56374B3DF174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:fuse:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F31D7E8-D31D-4268-9ABF-3733915AA226",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack."
    },
    {
      "lang": "es",
      "value": "Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, as\u00ed como versiones m\u00e1s antiguas no soportadas, permite que las aplicaciones expongan STOMP en endpoints WebSocket con un simple agente STOMP en memoria a trav\u00e9s del m\u00f3dulo spring-messaging. Un usuario (o atacante) malicioso puede manipular un mensaje al agente que desemboca en un ataque de ejecuci\u00f3n remota de c\u00f3digo."
    }
  ],
  "id": "CVE-2018-1270",
  "lastModified": "2024-11-21T03:59:30.477",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-06T13:29:00.453",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103696"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1270"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44796/"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103696"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1270"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/44796/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-358"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-05-14 17:15
Modified
2024-11-21 05:11
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
References
security@apache.orghttp://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txtVendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txtVendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
Impacted products
Vendor Product Version
apache activemq *
oracle communications_diameter_signaling_router *
oracle communications_element_manager 8.1.1
oracle communications_element_manager 8.2.0
oracle communications_element_manager 8.2.1
oracle communications_session_report_manager 8.1.1
oracle communications_session_report_manager 8.2.0
oracle communications_session_report_manager 8.2.1
oracle communications_session_route_manager 8.1.1
oracle communications_session_route_manager 8.2.0
oracle communications_session_route_manager 8.2.1
oracle enterprise_repository 11.1.1.7.0
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "641FA42D-EF8A-4FBE-9BE2-149B53931A44",
              "versionEndIncluding": "5.15.11",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C57FD3A-0CC1-4BA9-879A-8C4A40234162",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "698FB6D0-B26F-4760-9B9B-1C65FBFF2126",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F1D64BC-17BF-4DAE-B5FC-BC41F9C12DFD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB43DFD4-D058-4001-BD19-488E059F4532",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "086E2E5C-44EB-4C07-B298-C04189533996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA77B994-3872-4059-854B-0974AA5593D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69300B13-8C0F-4433-A6E8-B2CE32C4723D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue."
    },
    {
      "lang": "es",
      "value": "En Apache ActiveMQ versiones 5.0.0 hasta 5.15.11, la Interfaz de Usuario Gr\u00e1fica de administraci\u00f3n webconsole est\u00e1 abierta a un ataque de tipo XSS, en la vista que enumera el contenido de una cola."
    }
  ],
  "id": "CVE-2020-1941",
  "lastModified": "2024-11-21T05:11:39.913",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-05-14T17:15:12.320",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-10 08:15
Modified
2024-11-21 05:36
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
References
security@php.nethttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.htmlMailing List, Third Party Advisory
security@php.nethttps://bugs.php.net/bug.php?id=79037Exploit, Patch, Vendor Advisory
security@php.nethttps://lists.debian.org/debian-lts-announce/2020/02/msg00030.htmlMailing List, Third Party Advisory
security@php.nethttps://seclists.org/bugtraq/2020/Feb/27Mailing List, Third Party Advisory
security@php.nethttps://seclists.org/bugtraq/2020/Feb/31Mailing List, Third Party Advisory
security@php.nethttps://seclists.org/bugtraq/2021/Jan/3Mailing List, Third Party Advisory
security@php.nethttps://security.gentoo.org/glsa/202003-57Third Party Advisory
security@php.nethttps://security.netapp.com/advisory/ntap-20200221-0002/Mailing List, Third Party Advisory
security@php.nethttps://usn.ubuntu.com/4279-1/Patch, Third Party Advisory
security@php.nethttps://www.debian.org/security/2020/dsa-4626Third Party Advisory
security@php.nethttps://www.debian.org/security/2020/dsa-4628Third Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security@php.nethttps://www.tenable.com/security/tns-2021-14Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=79037Exploit, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/02/msg00030.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2020/Feb/27Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2020/Feb/31Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2021/Jan/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202003-57Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200221-0002/Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4279-1/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4626Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4628Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-14Patch, Third Party Advisory
Impacted products
Vendor Product Version
php php *
php php *
php php *
tenable tenable.sc *
oracle communications_diameter_signaling_router *
opensuse leap 15.1
debian debian_linux 8.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8F023B-DDEF-48ED-9E3F-785F61636F98",
              "versionEndExcluding": "7.2.27",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4DF319B-F27D-44FC-BD7E-4022925E121D",
              "versionEndExcluding": "7.3.14",
              "versionStartIncluding": "7.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF0A5CFA-33A0-4676-8A69-F0B3B4BC16A6",
              "versionEndExcluding": "7.4.2",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF",
              "versionEndExcluding": "5.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2A0171-EAC8-4202-BA1D-2A9D9FE055E1",
              "versionEndIncluding": "8.4",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash."
    },
    {
      "lang": "es",
      "value": "Cuando se usan determinadas funciones de mbstring para convertir codificaciones multibyte, en PHP versiones 7.2.x por debajo de 7.2.27, versiones 7.3.x por debajo de 7.3.14 y versiones 7.4.x por debajo de 7.4.2, es posible suministrar datos que causar\u00e1n que la funci\u00f3n mbfl_filt_conv_big5_wchar lea m\u00e1s all\u00e1 del buffer asignado. Esto puede conllevar a una divulgaci\u00f3n de informaci\u00f3n o bloqueo."
    }
  ],
  "id": "CVE-2020-7060",
  "lastModified": "2024-11-21T05:36:35.360",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "security@php.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-10T08:15:12.797",
  "references": [
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79037"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/27"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/31"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2021/Jan/3"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-57"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4279-1/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4626"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4628"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2021/Jan/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4279-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "sourceIdentifier": "security@php.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "security@php.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-03-26 13:15
Modified
2024-11-21 04:56
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
References
cve@mitre.orghttps://github.com/FasterXML/jackson-databind/issues/2642Third Party Advisory
cve@mitre.orghttps://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/2642Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200403-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
debian debian_linux 8.0
netapp steelstore_cloud_integrated_storage -
oracle agile_plm 9.3.6
oracle autovue_for_agile_product_lifecycle_management 21.0.2
oracle banking_digital_experience 18.1
oracle banking_digital_experience 18.2
oracle banking_digital_experience 18.3
oracle banking_digital_experience 19.1
oracle banking_digital_experience 19.2
oracle banking_digital_experience 20.1
oracle banking_platform *
oracle communications_calendar_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.4.0
oracle communications_contacts_server 8.0.0.5.0
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_evolved_communications_application_server 7.1
oracle communications_instant_messaging_server 10.0.1.4.0
oracle communications_network_charging_and_control *
oracle communications_network_charging_and_control 6.0.1
oracle communications_session_report_manager *
oracle communications_session_route_manager *
oracle enterprise_manager_base_platform 13.3.0.0
oracle enterprise_manager_base_platform 13.4.0.0
oracle financial_services_analytical_applications_infrastructure *
oracle financial_services_institutional_performance_analytics 8.0.6
oracle financial_services_institutional_performance_analytics 8.0.7
oracle financial_services_institutional_performance_analytics 8.1.0
oracle financial_services_price_creation_and_discovery 8.0.6
oracle financial_services_price_creation_and_discovery 8.0.7
oracle financial_services_retail_customer_analytics 8.0.6
oracle global_lifecycle_management_opatch *
oracle insurance_policy_administration_j2ee 11.0.2.25
oracle insurance_policy_administration_j2ee 11.1.0.15
oracle jd_edwards_enterpriseone_orchestrator *
oracle jd_edwards_enterpriseone_tools *
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle primavera_unifier 19.12
oracle retail_merchandising_system 15.0
oracle retail_sales_audit 14.1
oracle retail_service_backbone 14.1
oracle retail_service_backbone 15.0
oracle retail_service_backbone 16.0
oracle retail_xstore_point_of_service 15.0
oracle retail_xstore_point_of_service 16.0
oracle retail_xstore_point_of_service 17.0
oracle retail_xstore_point_of_service 18.0
oracle retail_xstore_point_of_service 19.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29BC94E0-FEBC-4E86-825C-0101DC339852",
              "versionEndExcluding": "2.7.9.7",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "04F30C23-46F8-4F58-807B-002C5E96B7F7",
              "versionEndExcluding": "2.8.11.6",
              "versionStartIncluding": "2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "77F8EDB1-5890-4054-84FF-2034C7D2ED96",
              "versionEndExcluding": "2.9.10.4",
              "versionStartIncluding": "2.9.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "E94F7F59-1785-493F-91A7-5F5EA5E87E4D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "97994257-C9A4-4491-B362-E8B25B7187AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBE7BF09-B89C-4590-821E-6C0587E096B5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADAE8A71-0BCD-42D5-B38C-9B2A27CC1E6B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:18.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7231D2D-4092-44F3-B60A-D7C9ED78AFDF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5343F8F8-E8B4-49E9-A304-9C8A608B8027",
              "versionEndIncluding": "2.9.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "46059231-E7F6-4402-8119-1C7FE4ABEA96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "113E281E-977E-4195-B131-B7C7A2933B6E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D01A0BBC-DA0E-4AFE-83BF-4F3BA01653EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "987811D5-DA5E-493D-8709-F9231A84E5F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DB23B9A-571E-4B77-B432-23F3DC9B67D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AB443D1-D8E0-4253-9E1C-B62AEBBE582A",
              "versionEndIncluding": "12.0.3",
              "versionStartIncluding": "12.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "ECC00750-1DBF-401F-886E-E0E65A277409",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7582B307-3899-4BBB-B868-BC912A4D0109",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
              "versionEndIncluding": "8.1.0",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "37C8EE84-A840-4132-B331-C7D450B1FBBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8436A2-9CA3-4C91-B632-9B03368ABC1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A00142E6-EEB3-44BD-AB0D-0E5C5640557F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A01F8ED-64DA-43BC-9C02-488010BCD0F4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "75638A6A-88B2-4BC7-84EA-1CF5FC30D555",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FBF422E-3F67-4599-A7C1-0E2E4224553A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8200D5C-D3C7-4936-84A7-37864DEEC62B",
              "versionEndExcluding": "12.2.0.1.20",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "72F28CE3-F835-4458-8D70-CBE9FC2F7E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.1.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F058FDA-04BC-4F32-830D-206983770692",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6E46AE88-E9F8-41CB-B15F-12F5127A1E8D",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3D635AE-5E4A-47FB-9FCA-D82D52A61367",
              "versionEndExcluding": "9.2.4.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "792DF04A-2D1B-40B5-B960-3E7152732EB8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DA6E92C-AC3B-40CF-96AE-22CD8769886F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "378A6656-252B-4929-83EA-BC107FDFD357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "363395FA-C296-4B2B-9D6F-BCB8DBE6FACE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F62A2144-5EF8-4319-B8C2-D7975F51E5FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "11DA6839-849D-4CEF-85F3-38FE75E07183",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BCE78490-A4BE-40BD-8C72-0A4526BBD4A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CB39A1A-AD29-45DD-9EB5-5E2053A01B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "27C26705-6D1F-4D5E-B64D-B479108154FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
    },
    {
      "lang": "es",
      "value": "FasterXML jackson-databind versiones 2.x anteriores a 2.9.10.4, maneja inapropiadamente la interacci\u00f3n entre los gadgets de serializaci\u00f3n y la escritura, relacionado con javax.swing.JEditorPane."
    }
  ],
  "id": "CVE-2020-10969",
  "lastModified": "2024-11-21T04:56:28.820",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-03-26T13:15:13.077",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-10-21 15:15
Modified
2024-11-21 05:04
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
References
secalert_us@oracle.comhttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Vendor Advisory
Impacted products
Vendor Product Version
oracle communications_diameter_signaling_router *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "12981AA7-BBF6-4158-8F7D-9DD3880FDCC1",
              "versionEndIncluding": "8.4.0.5",
              "versionStartIncluding": "8.0.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en el producto Oracle Communications Diameter Signaling Router (DSR) de Oracle Communications (componente: User Interface).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son 8.0.0.0-8.4.0.5.\u0026#xa0;Una vulnerabilidad explotable f\u00e1cilmente permite a un atacante poco privilegiado con acceso a la red por medio de HTTP comprometer a Oracle Communications Diameter Signaling Router (DSR).\u0026#xa0;Los ataques con \u00e9xito requieren la interacci\u00f3n humana de una persona diferente del atacante y, aunque la vulnerabilidad est\u00e1 en Oracle Communications Diameter Signaling Router (DSR), los ataques pueden impactar significativamente a productos adicionales.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la actualizaci\u00f3n no autorizada,\u0026#xa0;insertar o eliminar el acceso a algunos de los datos accesibles de Oracle Communications Diameter Signaling Router (DSR), as\u00ed como el acceso de lectura no autorizado a un subconjunto de datos accesibles de Oracle Communications Diameter Signaling Router (DSR).\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 5.4 (Impactos de la Confidencialidad e Integridad).\u0026#xa0;Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)"
    }
  ],
  "id": "CVE-2020-14787",
  "lastModified": "2024-11-21T05:04:09.710",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.9,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "secalert_us@oracle.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2020-10-21T15:15:18.907",
  "references": [
    {
      "source": "secalert_us@oracle.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert_us@oracle.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-03-28 22:29
Modified
2024-11-21 04:16
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
References
security@apache.orghttp://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txtMitigation, Third Party Advisory
security@apache.orghttp://www.openwall.com/lists/oss-security/2019/03/27/2Mailing List, Third Party Advisory
security@apache.orghttp://www.securityfocus.com/bid/107622Third Party Advisory, VDB Entry
security@apache.orghttps://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E
security@apache.orghttps://lists.debian.org/debian-lts-announce/2021/03/msg00004.htmlMailing List, Third Party Advisory
security@apache.orghttps://lists.debian.org/debian-lts-announce/2021/03/msg00005.htmlMailing List, Third Party Advisory
security@apache.orghttps://security.netapp.com/advisory/ntap-20190502-0006/Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security@apache.orghttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txtMitigation, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2019/03/27/2Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/107622Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/03/msg00004.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2021/03/msg00005.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20190502-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlThird Party Advisory
Impacted products
Vendor Product Version
apache activemq *
netapp e-series_santricity_web_services -
oracle communications_diameter_signaling_router 8.0.0
oracle communications_diameter_signaling_router 8.1
oracle communications_diameter_signaling_router 8.2
oracle communications_diameter_signaling_router 8.2.1
oracle enterprise_manager_base_platform 12.1.0.5.0
oracle enterprise_manager_base_platform 13.2.0.0.0
oracle enterprise_manager_base_platform 13.3.0.0.0
oracle enterprise_repository 12.1.3.0.0
oracle goldengate_stream_analytics *
oracle identity_manager_connector 9.0
debian debian_linux 9.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:activemq:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BA1FC50-C563-4079-9FAB-F81254306AB3",
              "versionEndIncluding": "5.15.8",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:e-series_santricity_web_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "680ECEAE-D73F-47D2-8AF8-7704469CF3EA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9317C01-22AA-452B-BBBF-5FAFFFB8BEA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4534CF9-D9FD-4936-9D8C-077387028A05",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D60384BD-284C-4A68-9EEF-0FAFDF0C21F3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCA44E38-EB8C-4E2D-8611-B201F47520E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_repository:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9E13DD9-F456-4802-84AD-A2A1F12FE999",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_stream_analytics:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4E7F2AA-B851-4D85-9895-2CDD6BE9FCB4",
              "versionEndExcluding": "19.1.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager_connector:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E8BD581B-1CC0-4236-836A-204BBCBBBF77",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive."
    },
    {
      "lang": "es",
      "value": "En Apache ActiveMQ, desde la versi\u00f3n 5.0.0 hasta la 5.15.8, la deserializaci\u00f3n de una trama MQTT corrupta puede conducir a una excepci\u00f3n de br\u00f3ker fuera de memoria, haciendo que no responda."
    }
  ],
  "id": "CVE-2019-0222",
  "lastModified": "2024-11-21T04:16:31.557",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-03-28T22:29:00.433",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/03/27/2"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107622"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190502-0006/"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Third Party Advisory"
      ],
      "url": "http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2019/03/27/2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107622"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20190502-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-02-10 08:15
Modified
2024-11-21 05:36
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
9.1 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Summary
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
References
security@php.nethttp://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.htmlThird Party Advisory
security@php.nethttps://bugs.php.net/bug.php?id=79099Exploit, Vendor Advisory
security@php.nethttps://lists.debian.org/debian-lts-announce/2020/02/msg00030.htmlThird Party Advisory
security@php.nethttps://seclists.org/bugtraq/2020/Feb/27Mailing List, Third Party Advisory
security@php.nethttps://seclists.org/bugtraq/2020/Feb/31Mailing List, Third Party Advisory
security@php.nethttps://seclists.org/bugtraq/2021/Jan/3Mailing List, Third Party Advisory
security@php.nethttps://security.gentoo.org/glsa/202003-57Third Party Advisory
security@php.nethttps://security.netapp.com/advisory/ntap-20200221-0002/Third Party Advisory
security@php.nethttps://usn.ubuntu.com/4279-1/Patch, Third Party Advisory
security@php.nethttps://www.debian.org/security/2020/dsa-4626Third Party Advisory
security@php.nethttps://www.debian.org/security/2020/dsa-4628Third Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
security@php.nethttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security@php.nethttps://www.tenable.com/security/tns-2021-14Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugs.php.net/bug.php?id=79099Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/02/msg00030.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2020/Feb/27Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2020/Feb/31Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://seclists.org/bugtraq/2021/Jan/3Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202003-57Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200221-0002/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://usn.ubuntu.com/4279-1/Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4626Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2020/dsa-4628Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.tenable.com/security/tns-2021-14Patch, Third Party Advisory
Impacted products
Vendor Product Version
php php *
php php *
php php *
tenable tenable.sc *
oracle communications_diameter_signaling_router *
opensuse leap 15.1
debian debian_linux 8.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C8F023B-DDEF-48ED-9E3F-785F61636F98",
              "versionEndExcluding": "7.2.27",
              "versionStartIncluding": "7.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4DF319B-F27D-44FC-BD7E-4022925E121D",
              "versionEndExcluding": "7.3.14",
              "versionStartIncluding": "7.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:php:php:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF0A5CFA-33A0-4676-8A69-F0B3B4BC16A6",
              "versionEndExcluding": "7.4.2",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "41DBA7C7-8084-45F6-B59D-13A9022C34DF",
              "versionEndExcluding": "5.19.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C2A0171-EAC8-4202-BA1D-2A9D9FE055E1",
              "versionEndIncluding": "8.4",
              "versionStartIncluding": "8.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash."
    },
    {
      "lang": "es",
      "value": "Cuando se usa la funci\u00f3n fgetss() para leer datos con etiquetas de eliminaci\u00f3n, en PHP versiones 7.2.x por debajo de 7.2.27, versiones 7.3.x por debajo de 7.3.14 y versiones 7.4.x por debajo de 7.4.2, es posible suministrar datos que causar\u00e1n que esta funci\u00f3n lea m\u00e1s all\u00e1 del b\u00fafer asignado. Esto puede conllevar a una divulgaci\u00f3n de informaci\u00f3n o bloqueo."
    }
  ],
  "id": "CVE-2020-7059",
  "lastModified": "2024-11-21T05:36:35.167",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.5,
        "source": "security@php.net",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.1,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-02-10T08:15:12.673",
  "references": [
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79099"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/27"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/31"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2021/Jan/3"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-57"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4279-1/"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4626"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4628"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@php.net",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://bugs.php.net/bug.php?id=79099"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/27"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2020/Feb/31"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://seclists.org/bugtraq/2021/Jan/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202003-57"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://usn.ubuntu.com/4279-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2020/dsa-4628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.tenable.com/security/tns-2021-14"
    }
  ],
  "sourceIdentifier": "security@php.net",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "security@php.net",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-125"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-01-16 18:15
Modified
2024-11-21 04:22
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all.
References
security@apache.orghttp://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2Vendor Advisory
security@apache.orghttps://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c%40%3Cannounce.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
security@apache.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security@apache.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c%40%3Cannounce.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
apache cxf *
apache cxf *
oracle commerce_guided_search 11.3.2
oracle communications_diameter_signaling_router *
oracle communications_element_manager *
oracle communications_session_report_manager *
oracle communications_session_route_manager 8.1.1
oracle communications_session_route_manager 8.2.0
oracle communications_session_route_manager 8.2.1
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle retail_order_broker 15.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D541256-E46B-4433-8712-05A583DD7E79",
              "versionEndExcluding": "3.2.12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:cxf:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "291B8116-D0B0-4A72-BD51-B941D2129943",
              "versionEndExcluding": "3.3.5",
              "versionStartIncluding": "3.3.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B51F78F4-8D7E-48C2-86D1-D53A6EB348A7",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3E5416A1-EE58-415D-9645-B6A875EBAED2",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5682DAEB-3810-4541-833A-568C868BCE0B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "01BC9AED-F81D-4344-AD97-EEF19B6EA8C7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:8.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8198E762-9AD9-452B-B1AF-516E52436B7D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all."
    },
    {
      "lang": "es",
      "value": "Apache CXF entregado con un servicio OpenId Connect JWK Keys, que permite al cliente obtener las claves p\u00fablicas en formato JWK, que luego pueden ser usadas para comprobar la firma de los tokens emitidos por parte del servicio. Normalmente, el servicio obtiene la clave p\u00fablica de un almac\u00e9n de claves local (JKS/PKCS12) mediante la especificaci\u00f3n de la ruta del almac\u00e9n de claves y el alias de la entrada del almac\u00e9n de claves. Este caso no es vulnerable. Sin embargo, tambi\u00e9n es posible obtener las claves de un archivo del almac\u00e9n de claves JWK, estableciendo el par\u00e1metro de configuraci\u00f3n \"rs.security.keystore.type\" en \"jwk\". Para este caso, todas las claves son devueltas a este archivo \"as is\", incluyendo todas las credenciales de clave privada y clave secreta. Este es un riesgo de seguridad obvio si el usuario ha configurado el archivo de almac\u00e9n de claves de firma con credenciales de clave privada o secreta. Desde CXF versiones 3.3.5 y 3.2.12, es obligatorio especificar un alias correspondiente al id de la clave en el archivo JWK, y solo esta clave es devuelta. Adem\u00e1s, cualquier informaci\u00f3n de clave privada es omitida por defecto. Las claves \"oct\", que contienen claves secretas, no son devueltas en absoluto."
    }
  ],
  "id": "CVE-2019-12423",
  "lastModified": "2024-11-21T04:22:48.770",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-01-16T18:15:11.400",
  "references": [
    {
      "source": "security@apache.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1\u0026modificationDate=1579178393000\u0026api=v2"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security@apache.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1\u0026modificationDate=1579178393000\u0026api=v2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c%40%3Cannounce.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "security@apache.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-522"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2020-06-05 14:15
Modified
2024-11-21 04:56
Severity ?
8.6 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H
Summary
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlMailing List, Third Party Advisory
cve@mitre.orghttps://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podThird Party Advisory
cve@mitre.orghttps://github.com/Perl/perl5/compare/v5.30.2...v5.30.3Patch, Third Party Advisory
cve@mitre.orghttps://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8Patch, Third Party Advisory
cve@mitre.orghttps://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3cPatch, Third Party Advisory
cve@mitre.orghttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
cve@mitre.orghttps://security.gentoo.org/glsa/202006-03Third Party Advisory
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20200611-0001/Third Party Advisory
cve@mitre.orghttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3cPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/202006-03Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20200611-0001/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2022.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
perl perl *
fedoraproject fedora 31
opensuse leap 15.1
netapp oncommand_workflow_automation -
netapp snap_creator_framework -
oracle communications_billing_and_revenue_management 12.0.0.2.0
oracle communications_billing_and_revenue_management 12.0.0.3.0
oracle communications_diameter_signaling_router *
oracle communications_eagle_application_processor *
oracle communications_eagle_lnp_application_processor 10.1
oracle communications_eagle_lnp_application_processor 10.2
oracle communications_eagle_lnp_application_processor 46.7
oracle communications_eagle_lnp_application_processor 46.8
oracle communications_eagle_lnp_application_processor 46.9
oracle communications_lsms *
oracle communications_offline_mediation_controller 12.0.0.3.0
oracle communications_performance_intelligence_center *
oracle communications_performance_intelligence_center *
oracle communications_pricing_design_center 12.0.0.3.0
oracle configuration_manager 12.1.2.0.8
oracle enterprise_manager_base_platform 13.4.0.0
oracle sd-wan_aware 8.2
oracle sd-wan_aware 9.0
oracle sd-wan_aware 9.1
oracle tekelec_platform_distribution *


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:perl:perl:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C171B203-3DAA-43B7-A0BE-DDB0895EB744",
              "versionEndExcluding": "5.30.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
              "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2ECD5E79-5C1B-42E9-BE0B-A034EE2D632D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E39D442D-1997-49AF-8B02-5640BE2A26CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C88D46AF-459D-4917-9403-0F63FEC83512",
              "versionEndIncluding": "8.5.0",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_application_processor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A0E3537-CB5A-40BF-B42C-CED9211B8892",
              "versionEndIncluding": "16.4.0",
              "versionStartIncluding": "16.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "996861FC-0089-4BED-8E46-F2B76037EA65",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "37764AF5-E42E-461E-AA43-763D21B3DCE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "879FE18D-6B1C-4CF7-B409-C379E9F60D0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2BE3FB3-5619-4381-BE4E-FBADB3C747F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_eagle_lnp_application_processor:46.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AB3C447-DA3F-44FF-91FD-8985C0527940",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_lsms:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "806AF4AF-12FB-4222-84E4-BC9D44EFF09F",
              "versionEndIncluding": "13.4",
              "versionStartIncluding": "13.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_offline_mediation_controller:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "49ACFC73-A509-4D1C-8FC3-F68F495AB055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "977CA754-6CE0-4FCB-9683-D81B7A15449D",
              "versionEndIncluding": "10.3.0.2.1",
              "versionStartIncluding": "10.3.0.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "29A3F7EF-2A69-427F-9F75-DDDBEE34BA2B",
              "versionEndIncluding": "10.4.0.3.1",
              "versionStartIncluding": "10.4.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7B49D71-6A31-497A-B6A9-06E84F086E7A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:configuration_manager:12.1.2.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "495DECD7-B14F-4D59-B3E1-30BF9B267475",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_aware:8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "667A06DE-E173-406F-94DA-1FE64BCFAE18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_aware:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B003D11-398F-486C-941D-698FB5BE5BCE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:sd-wan_aware:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D13834B9-C48B-4C72-A27B-F9A8ACB50098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tekelec_platform_distribution:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "26F05F85-7458-4C8F-B93F-93C92E506A40",
              "versionEndIncluding": "7.7.1",
              "versionStartIncluding": "7.4.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection."
    },
    {
      "lang": "es",
      "value": "Perl versiones anteriores a 5.30.3, presenta un desbordamiento de enteros relacionado con un manejo inapropiado de una situaci\u00f3n \"PL_regkind[OP(n)] == NOTHING\". Una expresi\u00f3n regular dise\u00f1ada podr\u00eda conllevar a un bytecode malformado con la posibilidad de inyecci\u00f3n de instrucciones"
    }
  ],
  "id": "CVE-2020-10878",
  "lastModified": "2024-11-21T04:56:16.367",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.6,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 4.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-06-05T14:15:10.527",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-03"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/202006-03"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-190"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-04-06 13:29
Modified
2024-11-21 03:59
Severity ?
5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/103699Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1271Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103699Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1320Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2669Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2939Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1271Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
vmware spring_framework *
vmware spring_framework *
oracle application_testing_suite 12.5.0.3
oracle application_testing_suite 13.1.0.1
oracle application_testing_suite 13.2.0.1
oracle application_testing_suite 13.3.0.1
oracle big_data_discovery 1.6.0
oracle communications_converged_application_server *
oracle communications_diameter_signaling_router *
oracle communications_performance_intelligence_center *
oracle communications_policy_management 12.5.0
oracle communications_services_gatekeeper *
oracle enterprise_manager_ops_center 12.2.2
oracle enterprise_manager_ops_center 12.3.3
oracle goldengate_for_big_data 12.2.0.1
oracle goldengate_for_big_data 12.3.1.1
oracle goldengate_for_big_data 12.3.2.1
oracle health_sciences_information_manager 3.0
oracle healthcare_master_person_index 3.0
oracle healthcare_master_person_index 4.0
oracle insurance_calculation_engine *
oracle insurance_calculation_engine 10.1.1
oracle insurance_calculation_engine 10.2
oracle insurance_calculation_engine 10.2.1
oracle insurance_rules_palette 10.0
oracle insurance_rules_palette 10.1
oracle insurance_rules_palette 10.2
oracle insurance_rules_palette 11.0
oracle insurance_rules_palette 11.1
oracle primavera_gateway 15.2
oracle primavera_gateway 16.2
oracle primavera_gateway 17.12
oracle rapid_planning 12.1
oracle rapid_planning 12.2
oracle retail_back_office 14.0
oracle retail_back_office 14.1
oracle retail_central_office 14.0
oracle retail_central_office 14.1
oracle retail_customer_insights 15.0
oracle retail_customer_insights 16.0
oracle retail_integration_bus 14.0.1
oracle retail_integration_bus 14.0.2
oracle retail_integration_bus 14.0.3
oracle retail_integration_bus 14.0.4
oracle retail_integration_bus 14.1.1
oracle retail_integration_bus 14.1.2
oracle retail_integration_bus 14.1.3
oracle retail_integration_bus 15.0.0.1
oracle retail_integration_bus 15.0.1
oracle retail_integration_bus 15.0.2
oracle retail_integration_bus 16.0
oracle retail_integration_bus 16.0.1
oracle retail_integration_bus 16.0.2
oracle retail_open_commerce_platform 5.3.0
oracle retail_open_commerce_platform 6.0.0
oracle retail_open_commerce_platform 6.0.1
oracle retail_order_broker 5.1
oracle retail_order_broker 5.2
oracle retail_order_broker 15.0
oracle retail_order_broker 16.0
oracle retail_point-of-sale 14.0
oracle retail_point-of-sale 14.1
oracle retail_predictive_application_server 14.0
oracle retail_predictive_application_server 14.1
oracle retail_predictive_application_server 15.0
oracle retail_predictive_application_server 16.0
oracle retail_returns_management 14.0
oracle retail_returns_management 14.1
oracle retail_xstore_point_of_service 7.1
oracle service_architecture_leveraging_tuxedo 12.1.3.0.0
oracle service_architecture_leveraging_tuxedo 12.2.2.0.0
oracle tape_library_acsls 8.4


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD987888-3DB7-4BE3-A830-9F915F3C81DF",
              "versionEndExcluding": "4.3.15",
              "versionStartIncluding": "4.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2CC334-AFF8-41D4-9FBD-88C8FF9DA406",
              "versionEndExcluding": "5.0.5",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "00280604-1DC1-4974-BF73-216C5D76FFA3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC361999-AAD8-4CB3-B00E-E3990C3529B4",
              "versionEndExcluding": "7.0.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_policy_management:12.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5312AC7A-3C16-4967-ACA6-317289A749D0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BE12B6A4-E128-41EC-8017-558F50B961BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1C4A89F2-713D-4A36-9D28-22748D30E0FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDFABB2C-2FA2-4F83-985B-7FCEAF274418",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A609003-8687-40B4-8AC3-06A1534ADE30",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4207-DB46-42D6-A8C9-1BE857483B88",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C79B50C2-27C2-4A9C-ACEE-B70015283F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "25F8E604-8180-4728-AD2D-7FF034E3E65A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBAFA631-C92B-4FF7-8E65-07C67789EBCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9652104A-119D-4327-A937-8BED23C23861",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6CBFA960-D242-43ED-8D4C-A60F01B70740",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0513B305-97EF-4609-A82E-D0CDFF9925BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31C7EEA3-AA72-48DA-A112-2923DBB37773",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "83B5F416-56AE-4DC5-BCFF-49702463E716",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "22847CAE-3C2C-4C2E-9D2E-47DB4091442E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4D5A9AB-3DE0-4496-82E5-A2DB5CFDAA9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "1E484D25-1753-42A1-9658-8E9CCE8E3568",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FEAFF40-B0C7-4B05-A655-B3F93055FBCF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBF4C859-616D-44F9-BE76-589A4E6E8BF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8CE753D-A090-47DE-8EF0-8FDE07576E80",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7BAFB538-A395-4C4D-83F7-CD453C0DFB4D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7C0CA26F-41D3-433F-9C17-1A4F5066F184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B27C4D75-3927-4D07-BE16-4204F641A453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0A6CF77-09DF-43FD-833A-8DAAE016717A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "07630491-0624-4C5C-A858-C5D3CDCD1B68",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC9CA11F-F718-43E5-ADB9-6C348C75E37A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAA4DF85-9225-4422-BF10-D7DAE7DCE007",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "77C2A2A4-285B-40A1-B9AD-42219D742DD4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "632E9828-907F-4F2C-81D5-A74A6DDA2748",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_point-of-sale:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "274999E6-18ED-46F0-8CF2-56374B3DF174",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FFEA075-11EB-4E99-92A1-8B2883C64CC0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "959316A8-C3AF-4126-A242-3835ED0AD1E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "909A7F73-0164-471B-8EBD-1F70072E9809",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CE08DC9-5153-48D6-B23C-68A632FF8FF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "70D4467D-6968-4557-AF61-AFD42B2B48D3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."
    },
    {
      "lang": "es",
      "value": "Spring Framework, en versiones 5.0 anteriores a la 5.0.5 y versiones 4.3 anteriores a la 4.3.15, as\u00ed como versiones m\u00e1s antiguas no soportadas, permite que las aplicaciones configuren Spring MVC para que sirva recursos est\u00e1ticos (por ejemplo, CSS, JS o im\u00e1genes). Cuando se sirven recursos est\u00e1ticos desde un sistema de archivos en Windows (en contraposici\u00f3n a classpath o a ServletContext), un usuario malicioso puede enviar una petici\u00f3n mediante una URL especialmente manipulada que puede llevar a un ataque de salto de directorio."
    }
  ],
  "id": "CVE-2018-1271",
  "lastModified": "2024-11-21T03:59:30.683",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-04-06T13:29:00.500",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103699"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1271"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1320"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2669"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2939"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-1271"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "security_alert@emc.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-22"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2018-02-06 15:29
Modified
2024-11-21 03:14
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
References
secalert@redhat.comhttp://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
secalert@redhat.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
secalert@redhat.comhttp://www.securityfocus.com/bid/103880Third Party Advisory, VDB Entry
secalert@redhat.comhttp://www.securitytracker.com/id/1039769Third Party Advisory, VDB Entry
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:3189Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2017:3190Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:0342Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:0478Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:0479Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:0480Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:0481Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:0576Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:0577Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1447Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1448Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1449Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1450Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:1451Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2018:2927Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:2858Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:3149Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:3892Third Party Advisory
secalert@redhat.comhttps://github.com/FasterXML/jackson-databind/issues/1680Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://github.com/FasterXML/jackson-databind/issues/1737Issue Tracking, Patch, Third Party Advisory
secalert@redhat.comhttps://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E
secalert@redhat.comhttps://lists.debian.org/debian-lts-announce/2020/01/msg00037.htmlMailing List, Third Party Advisory
secalert@redhat.comhttps://security.netapp.com/advisory/ntap-20171214-0003/Third Party Advisory
secalert@redhat.comhttps://www.debian.org/security/2017/dsa-4037Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
secalert@redhat.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/103880Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1039769Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3189Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2017:3190Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0342Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0478Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0479Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0480Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0481Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0576Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:0577Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1447Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1448Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1449Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1450Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1451Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:2927Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:2858Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3149Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3892Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/1680Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/FasterXML/jackson-databind/issues/1737Issue Tracking, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.debian.org/debian-lts-announce/2020/01/msg00037.htmlMailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20171214-0003/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2017/dsa-4037Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind *
fasterxml jackson-databind 2.9.0
fasterxml jackson-databind 2.9.0
fasterxml jackson-databind 2.9.0
fasterxml jackson-databind 2.9.0
fasterxml jackson-databind 2.9.0
debian debian_linux 8.0
debian debian_linux 9.0
redhat openshift_container_platform 3.11
redhat satellite 6.4
redhat satellite_capsule 6.4
redhat openshift_container_platform 4.1
redhat enterprise_linux 7.0
redhat jboss_enterprise_application_platform 6.0.0
redhat jboss_enterprise_application_platform 6.4.0
redhat enterprise_linux 5.0
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
redhat jboss_enterprise_application_platform 7.1.0
redhat enterprise_linux 6.0
redhat enterprise_linux 7.0
netapp oncommand_balance -
netapp oncommand_performance_manager -
netapp oncommand_performance_manager -
netapp oncommand_shift -
netapp snapcenter -
oracle banking_platform 2.5.0
oracle banking_platform 2.6.0
oracle banking_platform 2.6.1
oracle banking_platform 2.6.2
oracle clusterware 12.1.0.2.0
oracle communications_billing_and_revenue_management 7.5
oracle communications_billing_and_revenue_management 12.0
oracle communications_diameter_signaling_router *
oracle communications_instant_messaging_server 10.0.1.2.0
oracle database_server 12.2.0.1
oracle database_server 18.1
oracle enterprise_manager_for_virtualization 13.2.2
oracle enterprise_manager_for_virtualization 13.2.3
oracle enterprise_manager_for_virtualization 13.3.1
oracle financial_services_analytical_applications_infrastructure 8.0.2
oracle financial_services_analytical_applications_infrastructure 8.0.3
oracle financial_services_analytical_applications_infrastructure 8.0.4
oracle financial_services_analytical_applications_infrastructure 8.0.5
oracle financial_services_analytical_applications_infrastructure 8.0.6
oracle financial_services_analytical_applications_infrastructure 8.0.7
oracle global_lifecycle_management_opatchauto *
oracle identity_manager 11.1.2.3.0
oracle identity_manager 12.2.1.3.0
oracle jd_edwards_enterpriseone_tools 9.2
oracle primavera_unifier *
oracle primavera_unifier 16.1
oracle primavera_unifier 16.2
oracle primavera_unifier 18.8
oracle utilities_advanced_spatial_and_operational_analytics 2.7.0.1
oracle webcenter_portal 12.2.1.3.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "1AF3A54B-F0A1-4929-976B-6C57090B5AD8",
              "versionEndExcluding": "2.6.7.2",
              "versionStartIncluding": "2.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5BBA4A48-37C7-4165-B422-652EFD99B05B",
              "versionEndExcluding": "2.7.9.2",
              "versionStartIncluding": "2.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C4C1153-B607-4BD1-AB91-E362F4F27B94",
              "versionEndExcluding": "2.8.10",
              "versionStartIncluding": "2.8.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:-:*:*:*:*:*:*",
              "matchCriteriaId": "5F565BD2-F759-47FB-B8BB-95AE50DF8389",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease1:*:*:*:*:*:*",
              "matchCriteriaId": "0BDA05E4-4693-4AA0-843B-476059E345CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease2:*:*:*:*:*:*",
              "matchCriteriaId": "CF988893-BBEE-4BE3-949F-E4B8158B3046",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease3:*:*:*:*:*:*",
              "matchCriteriaId": "6875BC5F-2EF7-40E3-B319-F7A53385DDFB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:fasterxml:jackson-databind:2.9.0:prerelease4:*:*:*:*:*:*",
              "matchCriteriaId": "90DF71E0-C581-4510-AB9F-9471E88797C1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F87326E-0B56-4356-A889-73D026DB1D4B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB283C80-F7AF-4776-8432-655E50D7D65B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:satellite_capsule:6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "461407B5-C167-4DE1-A934-FD5ADFB4AD4E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "064E7BDD-4EF0-4A0D-A38D-8C75BAFEDCEF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B142ACCC-F7A9-4A3B-BE60-0D6691D5058D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:6.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B1ABA871-3271-48E2-A69C-5AD70AF94E53",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D8B549B-E57B-4DFE-8A13-CAB06B5356B3",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:jboss_enterprise_application_platform:7.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "868C0845-F25C-487F-A697-72917BE9D78E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_balance:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7DCBCC5D-C396-47A8-ADF4-D3A2C4377FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:linux:*:*",
              "matchCriteriaId": "54E72B69-4E04-42A3-B532-53E98C6796D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_performance_manager:-:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "698C6261-679D-45C1-A396-57AC96AD64D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_shift:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD81527-A341-42C3-9AB9-880D3DB04B08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8972497F-6E24-45A9-9A18-EB0E842CB1D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "400509A8-D6F2-432C-A2F1-AD5B8778D0D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:clusterware:12.1.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6C9084DB-329E-403F-8D0A-5B9F53183714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6039DC7-08F2-4DD9-B5B5-B6B22DD2409F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7231AF76-3D46-41C4-83E9-6E9E12940BD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9615B3B8-B176-4359-97B5-D2E2FEE5BFEA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:12.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C614BA7-7103-4ED7-ADD0-56064FE256A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:database_server:18.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "150B7605-A960-4535-B65F-4FBF82426BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A9E97F04-00ED-48E9-AB40-7A02B3419641",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCCE5A11-39E7-4BBB-9E1A-BA4B754103BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_virtualization:13.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5AEC7F5-C353-4CF5-96CE-8C713A2B0C92",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB79BB43-E0AB-4F0D-A6EA-000485757EEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F238CB66-886D-47E8-8DC0-7FC2025771EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "59B7B8AD-1210-4C40-8EF7-E2E8156630A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DE4A291-4358-42A9-A68D-E59D9998A1CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D19CF00-FE20-4690-AAB7-8E9DBC68A94F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A030A498-3361-46F8-BB99-24A66CAE11CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:global_lifecycle_management_opatchauto:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C54D621E-E274-47EA-95A4-123B82BD4DD9",
              "versionEndExcluding": "12.2.0.1.14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager:11.1.2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142CD3F8-6523-49C9-BCC1-B01F55DBBE39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:identity_manager:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA10CA55-C155-4DAD-A109-87A80116F1A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "41684398-18A4-4DC6-B8A2-3EBAA0CBF9A6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B8249A74-C34A-4F66-8F11-F7F50F8813BF",
              "versionEndIncluding": "17.12",
              "versionStartIncluding": "17.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D55A54FD-7DD1-49CD-BE81-0BE73990943C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:16.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "82EB08C0-2D46-4635-88DF-E54F6452D3A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_advanced_spatial_and_operational_analytics:2.7.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FD0EC40-B96B-4E9C-9A81-4E65C4B9512E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously."
    },
    {
      "lang": "es",
      "value": "Se ha descubierto un error de deserializaci\u00f3n en jackson-databind, en versiones anteriores a la 2.8.10 y a la 2.9.1, que podr\u00eda permitir que un usuario no autenticado ejecute c\u00f3digo enviando las entradas maliciosamente manipuladas al m\u00e9todo readValue de ObjectMapper. Este problema ampl\u00eda el error previo de CVE-2017-7525 metiendo en la lista negra m\u00e1s clases que podr\u00edan emplearse de forma maliciosa."
    }
  ],
  "id": "CVE-2017-15095",
  "lastModified": "2024-11-21T03:14:03.620",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-02-06T15:29:00.233",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103880"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039769"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3189"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3190"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0342"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0478"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0479"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0480"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0481"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0576"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0577"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1447"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1448"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1449"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1450"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1451"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2927"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2858"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3149"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3892"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/1680"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/1737"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171214-0003/"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4037"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/103880"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1039769"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2017:3190"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0342"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0478"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0479"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0480"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0481"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0576"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:0577"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1447"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1448"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1449"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1450"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:1451"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2018:2927"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:2858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/1680"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/FasterXML/jackson-databind/issues/1737"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20171214-0003/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.debian.org/security/2017/dsa-4037"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-184"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-07-23 13:15
Modified
2024-11-21 04:18
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
References
secalert@redhat.comhttp://x-stream.github.io/changes.html#1.4.11Release Notes, Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:3892Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2019:4352Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
secalert@redhat.comhttps://access.redhat.com/errata/RHSA-2020:0727Third Party Advisory
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173Issue Tracking, Third Party Advisory
secalert@redhat.comhttps://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
secalert@redhat.comhttps://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://x-stream.github.io/changes.html#1.4.11Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:3892Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2019:4352Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0445Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2020:0727Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com//security-alerts/cpujul2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuApr2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlThird Party Advisory
Impacted products
Vendor Product Version
xstream_project xstream 1.4.10
oracle banking_platform *
oracle banking_platform 2.4.0
oracle banking_platform 2.7.1
oracle banking_platform 2.9.0
oracle business_activity_monitoring 11.1.1.9.0
oracle business_activity_monitoring 12.2.1.3.0
oracle business_activity_monitoring 12.2.1.4.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 11.3.0.9.0
oracle communications_billing_and_revenue_management_elastic_charging_engine 12.0.0.3.0
oracle communications_diameter_signaling_router *
oracle communications_unified_inventory_management 7.3.0
oracle communications_unified_inventory_management 7.4.0
oracle endeca_information_discovery_studio 3.2.0
oracle endeca_information_discovery_studio 3.2.0.0
oracle retail_xstore_point_of_service 17.0
oracle utilities_framework *
oracle utilities_framework 2.2.0.0.0
oracle utilities_framework 4.2.0.2.0
oracle utilities_framework 4.2.0.3.0
oracle utilities_framework 4.4.0.0.0
oracle webcenter_portal 11.1.1.9.0
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xstream_project:xstream:1.4.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "3832CB4C-DDB8-439C-B396-1A1D91F70DEA",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39",
              "versionEndIncluding": "2.10.0",
              "versionStartIncluding": "2.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB9FC9AB-1070-420F-870E-A5EC43A924A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC723E79-8F35-417B-B9D9-6A707F74C1EE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5700C2E9-5FF2-48EF-AD85-3C03EDA76536",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA8461A2-428C-4817-92A9-0C671545698D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:11.3.0.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2BC2B7E4-358D-40EF-9517-6FAF5D973D73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management_elastic_charging_engine:12.0.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3784BE26-B268-40F3-9B10-88E50A4400AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D03A8C9-35A5-4B75-9711-7A4A60457307",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_studio:3.2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7C6438-6E88-41CD-BE34-90341030E41F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "55AE3629-4A66-49E4-A33D-6D81CC94962F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
              "versionEndIncluding": "4.3.0.6.0",
              "versionStartIncluding": "4.3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D883EED9-CC64-479D-9C0A-35EB16F43AB4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)"
    },
    {
      "lang": "es",
      "value": "Se encontr\u00f3 que la API de xstream versi\u00f3n 1.4.10 anterior a 1.4.11, introdujo una regresi\u00f3n para un fallo de deserializaci\u00f3n anterior. Si el framework security no ha sido inicializado, puede permitir a un atacante remoto ejecutar comandos de shell arbitrarios cuando se deserializa un XML o cualquier formato compatible. p.ej. JSON. (Regresi\u00f3n de CVE-2013-7285)"
    }
  ],
  "id": "CVE-2019-10173",
  "lastModified": "2024-11-21T04:18:34.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "secalert@redhat.com",
        "type": "Secondary"
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.8,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-07-23T13:15:13.177",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://x-stream.github.io/changes.html#1.4.11"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3892"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:4352"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0445"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0727"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "http://x-stream.github.io/changes.html#1.4.11"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:3892"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2019:4352"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0445"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://access.redhat.com/errata/RHSA-2020:0727"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-94"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-502"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Secondary"
    }
  ]
}

Vulnerability from fkie_nvd
Published
2019-10-08 14:15
Modified
2024-11-21 04:32
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
References
cve@mitre.orghttps://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3E
cve@mitre.orghttps://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3E
cve@mitre.orghttps://security.netapp.com/advisory/ntap-20191024-0006/Third Party Advisory
cve@mitre.orghttps://www.bouncycastle.org/latest_releases.htmlRelease Notes, Vendor Advisory
cve@mitre.orghttps://www.bouncycastle.org/releasenotes.htmlRelease Notes, Vendor Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
cve@mitre.orghttps://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3E
af854a3a-2127-422b-91ae-364da2661108https://security.netapp.com/advisory/ntap-20191024-0006/Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.bouncycastle.org/latest_releases.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.bouncycastle.org/releasenotes.htmlRelease Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuapr2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2020.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.63
apache tomee 7.0.7
apache tomee 7.1.2
apache tomee 8.0.1
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp active_iq_unified_manager *
netapp oncommand_api_services -
netapp oncommand_workflow_automation -
netapp service_level_manager -
oracle business_process_management_suite 12.2.1.3.0
oracle business_process_management_suite 12.2.1.4.0
oracle communications_convergence *
oracle communications_diameter_signaling_router *
oracle communications_session_route_manager *
oracle data_integrator 12.2.1.4.0
oracle financial_services_analytical_applications_infrastructure *
oracle flexcube_private_banking 12.0.0
oracle flexcube_private_banking 12.1.0
oracle hospitality_guest_access 4.2.0
oracle managed_file_transfer 12.2.1.3.0
oracle managed_file_transfer 12.2.1.4.0
oracle peoplesoft_enterprise_hcm_global_payroll_switzerland 9.2
oracle peoplesoft_enterprise_peopletools 8.56
oracle peoplesoft_enterprise_peopletools 8.57
oracle peoplesoft_enterprise_peopletools 8.58
oracle retail_xstore_point_of_service 18.0.1
oracle soa_suite 12.2.1.3.0
oracle soa_suite 12.2.1.4.0
oracle webcenter_portal 11.1.1.9.0
oracle webcenter_portal 12.2.1.3.0
oracle webcenter_portal 12.2.1.4.0
oracle weblogic_server 12.2.1.3.0
oracle weblogic_server 12.2.1.4.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.63:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6EBCDB5-D5D0-431B-88E9-AC5EB3D35193",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:tomee:7.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7AAD10-F3A5-46F1-8C38-ECB0E1DDA184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomee:7.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19B3B8E4-D693-47F8-B1F4-1E61E70277C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:tomee:8.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2326A50-9A41-4B12-8885-D8BF67D97359",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:linux:*:*",
              "matchCriteriaId": "9FBC1BD0-FF12-4691-8751-5F245D991989",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:windows:*:*",
              "matchCriteriaId": "BD075607-09B7-493E-8611-66D041FFDA62",
              "versionStartIncluding": "7.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:*:*:*:*:*:vmware_vsphere:*:*",
              "matchCriteriaId": "0CB28AF5-5AF0-4475-A7B6-12E1795FFDCB",
              "versionStartIncluding": "9.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:netapp:service_level_manager:-:*:*:*:*:*:*:*",
              "matchCriteriaId": "7081652A-D28B-494E-94EF-CA88117F23EE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_convergence:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "145EC47E-2961-406A-8036-B35959423CDE",
              "versionEndIncluding": "3.0.2.1",
              "versionStartIncluding": "3.0.1.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "11B0C37E-D7C7-45F2-A8D8-5A3B1B191430",
              "versionEndIncluding": "8.2.2",
              "versionStartIncluding": "8.2.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F940AA-05BE-426C-89A3-4098E107D9A7",
              "versionEndIncluding": "8.0.9",
              "versionStartIncluding": "8.0.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A2E3E923-E2AD-400D-A618-26ADF7F841A2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:managed_file_transfer:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AB58D27-37F2-4A32-B786-3490024290A1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_hcm_global_payroll_switzerland:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF44A94C-8804-4C6C-A627-0BED05AEDCBD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.56:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0A735B4-4F3C-416B-8C08-9CB21BAD2889",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34C1AF7-C18D-424C-BD3F-F773A9E53DCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:soa_suite:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "65994DC4-C9C0-48B0-88AB-E2958B4EB9E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:soa_suite:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8F6B009C-A629-474C-AC4B-1B4917061714",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64."
    },
    {
      "lang": "es",
      "value": "El analizador ASN.1 en Bouncy Castle Crypto (tambi\u00e9n se conoce como BC Java) versi\u00f3n 1.63, puede desencadenar un intento de asignaci\u00f3n de memoria grande y un error OutOfMemoryError resultante, por medio de datos ASN.1 dise\u00f1ados. Esto se corrige en la versi\u00f3n 1.64."
    }
  ],
  "id": "CVE-2019-17359",
  "lastModified": "2024-11-21T04:32:10.340",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-08T14:15:10.573",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191024-0006/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.bouncycastle.org/latest_releases.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.bouncycastle.org/releasenotes.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3E"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20191024-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.bouncycastle.org/latest_releases.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://www.bouncycastle.org/releasenotes.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-770"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2017-9841
Vulnerability from cvelistv5
Published
2017-06-27 17:00
Modified
2024-08-05 17:18
Severity ?
Summary
Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a "<?php " substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI.
References
http://www.securityfocus.com/bid/101798vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1039812vdb-entry, x_refsource_SECTRACK
https://security.gentoo.org/glsa/201711-15vendor-advisory, x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5x_refsource_MISC
https://github.com/sebastianbergmann/phpunit/pull/1956x_refsource_MISC
http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/x_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T17:18:02.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "101798",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/101798"
          },
          {
            "name": "1039812",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039812"
          },
          {
            "name": "GLSA-201711-15",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201711-15"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/sebastianbergmann/phpunit/pull/1956"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2017-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a \"\u003c?php \" substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:37:54",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "101798",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/101798"
        },
        {
          "name": "1039812",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039812"
        },
        {
          "name": "GLSA-201711-15",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201711-15"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/sebastianbergmann/phpunit/pull/1956"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-9841",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Util/PHP/eval-stdin.php in PHPUnit before 4.8.28 and 5.x before 5.6.3 allows remote attackers to execute arbitrary PHP code via HTTP POST data beginning with a \"\u003c?php \" substring, as demonstrated by an attack on a site with an exposed /vendor folder, i.e., external access to the /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php URI."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "101798",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/101798"
            },
            {
              "name": "1039812",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039812"
            },
            {
              "name": "GLSA-201711-15",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201711-15"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5",
              "refsource": "MISC",
              "url": "https://github.com/sebastianbergmann/phpunit/commit/284a69fb88a2d0845d23f42974a583d8f59bf5a5"
            },
            {
              "name": "https://github.com/sebastianbergmann/phpunit/pull/1956",
              "refsource": "MISC",
              "url": "https://github.com/sebastianbergmann/phpunit/pull/1956"
            },
            {
              "name": "http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/",
              "refsource": "MISC",
              "url": "http://web.archive.org/web/20170701212357/http://phpunit.vulnbusters.com/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-9841",
    "datePublished": "2017-06-27T17:00:00",
    "dateReserved": "2017-06-24T00:00:00",
    "dateUpdated": "2024-08-05T17:18:02.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11113
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa).
References
https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlmailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200403-0002/x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2670x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-11113",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:43.551763Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:17.648Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.618Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:50",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11113",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.openjpa.ee.WASRegistryManagedRuntime (aka openjpa)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2670",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2670"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11113",
    "datePublished": "2020-03-31T04:37:27",
    "dateReserved": "2020-03-31T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.618Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14195
Vulnerability from cvelistv5
Published
2020-06-16 15:07
Modified
2024-08-04 12:39
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity).
References
https://github.com/FasterXML/jackson-databind/issues/2765x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200702-0003/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:39:36.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2765"
          },
          {
            "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:13",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2765"
        },
        {
          "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14195",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to org.jsecurity.realm.jndi.JndiRealmFactory (aka org.jsecurity)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2765",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2765"
            },
            {
              "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200702-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14195",
    "datePublished": "2020-06-16T15:07:11",
    "dateReserved": "2020-06-16T00:00:00",
    "dateUpdated": "2024-08-04T12:39:36.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24750
Vulnerability from cvelistv5
Published
2020-09-17 18:39
Modified
2024-08-04 15:19
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration.
References
https://github.com/FasterXML/jackson-databind/issues/2798x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86bx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20201009-0003/x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:09.375Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2798"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201009-0003/"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:22:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2798"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201009-0003/"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-24750",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to com.pastdev.httpcomponents.configuration.JndiConfiguration."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2798",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2798"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/commit/ad5a630174f08d279504bc51ebba8772fd71b86b"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201009-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201009-0003/"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-24750",
    "datePublished": "2020-09-17T18:39:40",
    "dateReserved": "2020-08-28T00:00:00",
    "dateUpdated": "2024-08-04T15:19:09.375Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7059
Vulnerability from cvelistv5
Published
2020-02-10 07:45
Modified
2024-09-17 02:37
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash.
References
https://seclists.org/bugtraq/2020/Feb/27mailing-list, x_refsource_BUGTRAQ
https://www.debian.org/security/2020/dsa-4626vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/4279-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2020/dsa-4628vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2020/Feb/31mailing-list, x_refsource_BUGTRAQ
https://lists.debian.org/debian-lts-announce/2020/02/msg00030.htmlmailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/202003-57vendor-advisory, x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://bugs.php.net/bug.php?id=79099x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200221-0002/x_refsource_CONFIRM
https://seclists.org/bugtraq/2021/Jan/3mailing-list, x_refsource_BUGTRAQ
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2021-14x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.078Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/27"
          },
          {
            "name": "DSA-4626",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4626"
          },
          {
            "name": "USN-4279-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4279-1/"
          },
          {
            "name": "DSA-4628",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4628"
          },
          {
            "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/31"
          },
          {
            "name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
          },
          {
            "name": "openSUSE-SU-2020:0341",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
          },
          {
            "name": "GLSA-202003-57",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-57"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=79099"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
          },
          {
            "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2021/Jan/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "7.2.27",
              "status": "affected",
              "version": "7.2.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.14",
              "status": "affected",
              "version": "7.3.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.2",
              "status": "affected",
              "version": "7.4.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by wxhusst at gmail dot com"
        }
      ],
      "datePublic": "2020-01-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T17:07:28",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/27"
        },
        {
          "name": "DSA-4626",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4626"
        },
        {
          "name": "USN-4279-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4279-1/"
        },
        {
          "name": "DSA-4628",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4628"
        },
        {
          "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/31"
        },
        {
          "name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
        },
        {
          "name": "openSUSE-SU-2020:0341",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
        },
        {
          "name": "GLSA-202003-57",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-57"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=79099"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
        },
        {
          "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2021/Jan/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=79099"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "OOB read in php_strip_tags_ex",
      "workarounds": [
        {
          "lang": "en",
          "value": "Usage of fgetss() has been DEPRECATED as of PHP 7.3.0. Please use strip_tags() or other means sanitizing HTML code."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2020-01-21T15:21:00.000Z",
          "ID": "CVE-2020-7059",
          "STATE": "PUBLIC",
          "TITLE": "OOB read in php_strip_tags_ex"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.2.x",
                            "version_value": "7.2.27"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3.x",
                            "version_value": "7.3.14"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.4.x",
                            "version_value": "7.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by wxhusst at gmail dot com"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using fgetss() function to read data with stripping tags, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause this function to read past the allocated buffer. This may lead to information disclosure or crash."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "name": "USN-4279-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4279-1/"
            },
            {
              "name": "DSA-4628",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4628"
            },
            {
              "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/31"
            },
            {
              "name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
            },
            {
              "name": "openSUSE-SU-2020:0341",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
            },
            {
              "name": "GLSA-202003-57",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-57"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=79099",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=79099"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200221-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
            },
            {
              "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2021/Jan/3"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=79099"
          ],
          "discovery": "EXTERNAL"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Usage of fgetss() has been DEPRECATED as of PHP 7.3.0. Please use strip_tags() or other means sanitizing HTML code."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2020-7059",
    "datePublished": "2020-02-10T07:45:13.921535Z",
    "dateReserved": "2020-01-15T00:00:00",
    "dateUpdated": "2024-09-17T02:37:14.052Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7069
Vulnerability from cvelistv5
Published
2020-10-02 14:14
Modified
2024-09-17 04:04
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N
Summary
In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data.
References
https://bugs.php.net/bug.php?id=79601x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.htmlvendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/4583-1/vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/202012-16vendor-advisory, x_refsource_GENTOO
https://www.debian.org/security/2021/dsa-4856vendor-advisory, x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20201016-0001/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2021-14x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=79601"
          },
          {
            "name": "FEDORA-2020-4573f0e03a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/"
          },
          {
            "name": "FEDORA-2020-4fe6b116e5",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/"
          },
          {
            "name": "FEDORA-2020-94763cb98b",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/"
          },
          {
            "name": "openSUSE-SU-2020:1703",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
          },
          {
            "name": "USN-4583-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4583-1/"
          },
          {
            "name": "openSUSE-SU-2020:1767",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
          },
          {
            "name": "GLSA-202012-16",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202012-16"
          },
          {
            "name": "DSA-4856",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4856"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "7.3.23",
              "status": "affected",
              "version": "7.3.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.11",
              "status": "affected",
              "version": "7.4.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.2.34",
              "status": "affected",
              "version": "7.2.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by bizxing at web dot de"
        }
      ],
      "datePublic": "2020-09-29T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:40:13",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=79601"
        },
        {
          "name": "FEDORA-2020-4573f0e03a",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/"
        },
        {
          "name": "FEDORA-2020-4fe6b116e5",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/"
        },
        {
          "name": "FEDORA-2020-94763cb98b",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/"
        },
        {
          "name": "openSUSE-SU-2020:1703",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
        },
        {
          "name": "USN-4583-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4583-1/"
        },
        {
          "name": "openSUSE-SU-2020:1767",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
        },
        {
          "name": "GLSA-202012-16",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202012-16"
        },
        {
          "name": "DSA-4856",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4856"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=79601"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2020-09-29T06:12:00.000Z",
          "ID": "CVE-2020-7069",
          "STATE": "PUBLIC",
          "TITLE": "Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3.x",
                            "version_value": "7.3.23"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.4.x",
                            "version_value": "7.4.11"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.2.x",
                            "version_value": "7.2.34"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by bizxing at web dot de"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHP versions 7.2.x below 7.2.34, 7.3.x below 7.3.23 and 7.4.x below 7.4.11, when AES-CCM mode is used with openssl_encrypt() function with 12 bytes IV, only first 7 bytes of the IV is actually used. This can lead to both decreased security and incorrect encryption data."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=79601",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=79601"
            },
            {
              "name": "FEDORA-2020-4573f0e03a",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRU57N3OSYZPOMFWPRDNVH7EMYOTSZ66/"
            },
            {
              "name": "FEDORA-2020-4fe6b116e5",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7EVDN7D3IB4EAI4D3ZOM2OJKQ5SD7K4E/"
            },
            {
              "name": "FEDORA-2020-94763cb98b",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/P2J3ZZDHCSX65T5QWV4AHBN7MOJXBEKG/"
            },
            {
              "name": "openSUSE-SU-2020:1703",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00045.html"
            },
            {
              "name": "USN-4583-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4583-1/"
            },
            {
              "name": "openSUSE-SU-2020:1767",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00067.html"
            },
            {
              "name": "GLSA-202012-16",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202012-16"
            },
            {
              "name": "DSA-4856",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4856"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201016-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201016-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=79601"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2020-7069",
    "datePublished": "2020-10-02T14:14:45.340264Z",
    "dateReserved": "2020-01-15T00:00:00",
    "dateUpdated": "2024-09-17T04:04:37.418Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-11358
Vulnerability from cvelistv5
Published
2019-04-19 00:00
Modified
2024-11-15 15:11
Severity ?
Summary
jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype.
References
https://www.drupal.org/sa-core-2019-006
https://www.synology.com/security/advisory/Synology_SA_19_19
https://www.debian.org/security/2019/dsa-4434vendor-advisory
https://seclists.org/bugtraq/2019/Apr/32mailing-list
http://www.securityfocus.com/bid/108023vdb-entry
https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3Emailing-list
https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3Emailing-list
https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3Emailing-list
https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3Emailing-list
https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3Emailing-list
https://lists.debian.org/debian-lts-announce/2019/05/msg00006.htmlmailing-list
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/vendor-advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/vendor-advisory
https://seclists.org/bugtraq/2019/May/18mailing-list
http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html
http://seclists.org/fulldisclosure/2019/May/11mailing-list
http://seclists.org/fulldisclosure/2019/May/10mailing-list
http://seclists.org/fulldisclosure/2019/May/13mailing-list
https://lists.debian.org/debian-lts-announce/2019/05/msg00029.htmlmailing-list
http://www.openwall.com/lists/oss-security/2019/06/03/2mailing-list
http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html
https://access.redhat.com/errata/RHSA-2019:1456vendor-advisory
https://www.debian.org/security/2019/dsa-4460vendor-advisory
https://seclists.org/bugtraq/2019/Jun/12mailing-list
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.htmlvendor-advisory
https://access.redhat.com/errata/RHBA-2019:1570vendor-advisory
http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.htmlvendor-advisory
https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3Emailing-list
https://access.redhat.com/errata/RHSA-2019:2587vendor-advisory
https://security.netapp.com/advisory/ntap-20190919-0001/
https://access.redhat.com/errata/RHSA-2019:3023vendor-advisory
https://access.redhat.com/errata/RHSA-2019:3024vendor-advisory
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Emailing-list
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Emailing-list
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Emailing-list
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Emailing-list
https://www.tenable.com/security/tns-2019-08
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Emailing-list
https://lists.debian.org/debian-lts-announce/2020/02/msg00024.htmlmailing-list
http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html
https://www.tenable.com/security/tns-2020-02
https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3Emailing-list
https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3Emailing-list
https://www.oracle.com/security-alerts/cpuapr2020.html
https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3Emailing-list
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html
https://www.oracle.com/security-alerts/cpujan2020.html
https://backdropcms.org/security/backdrop-sa-core-2019-009
https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/
https://snyk.io/vuln/SNYK-JS-JQUERY-174006
https://github.com/jquery/jquery/pull/4333
https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b
https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/
https://www.oracle.com/security-alerts/cpuoct2020.html
https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601
https://www.oracle.com/security-alerts/cpujan2021.html
https://www.oracle.com/security-alerts/cpuApr2021.html
https://www.oracle.com//security-alerts/cpujul2021.html
https://www.oracle.com/security-alerts/cpuoct2021.html
https://www.oracle.com/security-alerts/cpujan2022.html
https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1
https://lists.debian.org/debian-lts-announce/2023/08/msg00040.htmlmailing-list
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:48:09.199Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.drupal.org/sa-core-2019-006"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
          },
          {
            "name": "DSA-4434",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4434"
          },
          {
            "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Apr/32"
          },
          {
            "name": "108023",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/108023"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
          },
          {
            "name": "FEDORA-2019-eba8e44ee6",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
          },
          {
            "name": "FEDORA-2019-1a3edd7e8a",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
          },
          {
            "name": "FEDORA-2019-7eaf0bbe7c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
          },
          {
            "name": "FEDORA-2019-2a0ce0c58c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
          },
          {
            "name": "FEDORA-2019-a06dffab1c",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
          },
          {
            "name": "FEDORA-2019-f563e66380",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
          },
          {
            "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/May/18"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
          },
          {
            "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/11"
          },
          {
            "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/10"
          },
          {
            "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2019/May/13"
          },
          {
            "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
          },
          {
            "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
          },
          {
            "name": "RHSA-2019:1456",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:1456"
          },
          {
            "name": "DSA-4460",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4460"
          },
          {
            "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/12"
          },
          {
            "name": "openSUSE-SU-2019:1839",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
          },
          {
            "name": "RHBA-2019:1570",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:1570"
          },
          {
            "name": "openSUSE-SU-2019:1872",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
          },
          {
            "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2587",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2587"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
          },
          {
            "name": "RHSA-2019:3023",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3023"
          },
          {
            "name": "RHSA-2019:3024",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3024"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-08"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2020-02"
          },
          {
            "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
          },
          {
            "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
          },
          {
            "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jquery/jquery/pull/4333"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
          },
          {
            "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-11358",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-02-20T15:03:16.892088Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T15:11:23.024Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable __proto__ property, it could extend the native Object.prototype."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-08-31T02:06:52.187292",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "url": "https://www.drupal.org/sa-core-2019-006"
        },
        {
          "url": "https://www.synology.com/security/advisory/Synology_SA_19_19"
        },
        {
          "name": "DSA-4434",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4434"
        },
        {
          "name": "20190421 [SECURITY] [DSA 4434-1] drupal7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/Apr/32"
        },
        {
          "name": "108023",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/108023"
        },
        {
          "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/08720ef215ee7ab3386c05a1a90a7d1c852bf0706f176a7816bf65fc%40%3Ccommits.airflow.apache.org%3E"
        },
        {
          "name": "[airflow-commits] 20190428 [GitHub] [airflow] feng-tao opened a new pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/b736d0784cf02f5a30fbb4c5902762a15ad6d47e17e2c5a17b7d6205%40%3Ccommits.airflow.apache.org%3E"
        },
        {
          "name": "[airflow-commits] 20190428 [GitHub] [airflow] codecov-io commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/88fb0362fd40e5b605ea8149f63241537b8b6fb5bfa315391fc5cbb7%40%3Ccommits.airflow.apache.org%3E"
        },
        {
          "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG merged pull request #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/5928aa293e39d248266472210c50f176cac1535220f2486e6a7fa844%40%3Ccommits.airflow.apache.org%3E"
        },
        {
          "name": "[airflow-commits] 20190428 [GitHub] [airflow] XD-DENG commented on issue #5197: [AIRFLOW-XXX] Fix CVE-2019-11358",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/6097cdbd6f0a337bedd9bb5cc441b2d525ff002a96531de367e4259f%40%3Ccommits.airflow.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20190506 [SECURITY] [DLA 1777-1] jquery security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00006.html"
        },
        {
          "name": "FEDORA-2019-eba8e44ee6",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5IABSKTYZ5JUGL735UKGXL5YPRYOPUYI/"
        },
        {
          "name": "FEDORA-2019-1a3edd7e8a",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4UOAZIFCSZ3ENEFOR5IXX6NFAD3HV7FA/"
        },
        {
          "name": "FEDORA-2019-7eaf0bbe7c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/KYH3OAGR2RTCHRA5NOKX2TES7SNQMWGO/"
        },
        {
          "name": "FEDORA-2019-2a0ce0c58c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RLXRX23725JL366CNZGJZ7AQQB7LHQ6F/"
        },
        {
          "name": "FEDORA-2019-a06dffab1c",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QV3PKZC3PQCO3273HAT76PAQZFBEO4KP/"
        },
        {
          "name": "FEDORA-2019-f563e66380",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WZW27UCJ5CYFL4KFFFMYMIBNMIU2ALG5/"
        },
        {
          "name": "20190509 dotCMS v5.1.1 Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/May/18"
        },
        {
          "url": "http://packetstormsecurity.com/files/152787/dotCMS-5.1.1-Vulnerable-Dependencies.html"
        },
        {
          "name": "20190510 dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/11"
        },
        {
          "name": "20190510 dotCMS v5.1.1 Vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/10"
        },
        {
          "name": "20190510 Re: dotCMS v5.1.1 HTML Injection \u0026 XSS Vulnerability",
          "tags": [
            "mailing-list"
          ],
          "url": "http://seclists.org/fulldisclosure/2019/May/13"
        },
        {
          "name": "[debian-lts-announce] 20190520 [SECURITY] [DLA 1797-1] drupal7 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/05/msg00029.html"
        },
        {
          "name": "[oss-security] 20190603 Django: CVE-2019-12308 AdminURLFieldWidget XSS (plus patched bundled jQuery for CVE-2019-11358)",
          "tags": [
            "mailing-list"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/06/03/2"
        },
        {
          "url": "http://packetstormsecurity.com/files/153237/RetireJS-CORS-Issue-Script-Execution.html"
        },
        {
          "name": "RHSA-2019:1456",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:1456"
        },
        {
          "name": "DSA-4460",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4460"
        },
        {
          "name": "20190612 [SECURITY] [DSA 4460-1] mediawiki security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/12"
        },
        {
          "name": "openSUSE-SU-2019:1839",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00006.html"
        },
        {
          "name": "RHBA-2019:1570",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:1570"
        },
        {
          "name": "openSUSE-SU-2019:1872",
          "tags": [
            "vendor-advisory"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00025.html"
        },
        {
          "name": "[roller-commits] 20190820 [jira] [Created] (ROL-2150) Fix Js security vulnerabilities detected using retire js",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/ba79cf1658741e9f146e4c59b50aee56656ea95d841d358d006c18b6%40%3Ccommits.roller.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2587",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2587"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20190919-0001/"
        },
        {
          "name": "RHSA-2019:3023",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3023"
        },
        {
          "name": "RHSA-2019:3024",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3024"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "url": "https://www.tenable.com/security/tns-2019-08"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200224 [SECURITY] [DLA 2118-1] otrs2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00024.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/156743/OctoberCMS-Insecure-Dependencies.html"
        },
        {
          "url": "https://www.tenable.com/security/tns-2020-02"
        },
        {
          "name": "[syncope-dev] 20200423 Jquery version on 2.1.x/2.0.x",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r38f0d1aa3c923c22977fe7376508f030f22e22c1379fbb155bf29766%40%3Cdev.syncope.apache.org%3E"
        },
        {
          "name": "[flink-dev] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r7aac081cbddb6baa24b75e74abf0929bf309b176755a53e3ed810355%40%3Cdev.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20200513 [jira] [Created] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rac25da84ecdcd36f6de5ad0d255f4e967209bbbebddb285e231da37d%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20200518 [jira] [Commented] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r2041a75d3fc09dec55adfd95d598b38d22715303f65c997c054844c9%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20200518 [jira] [Updated] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r7e8ebccb7c022e41295f6fdb7b971209b83702339f872ddd8cf8bf73%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20200518 [jira] [Assigned] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r41b5bfe009c845f67d4f68948cc9419ac2d62e287804aafd72892b08%40%3Cissues.flink.apache.org%3E"
        },
        {
          "name": "[flink-issues] 20200520 [jira] [Closed] (FLINK-17675) Resolve CVE-2019-11358 from jquery",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r2baacab6e0acb5a2092eb46ae04fd6c3e8277b4fd79b1ffb7f3254fa%40%3Cissues.flink.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "name": "[storm-dev] 20200708 [GitHub] [storm] Crim opened a new pull request #3305: [STORM-3553] Upgrade jQuery from 1.11.1 to 3.5.1",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r7d64895cc4dff84d0becfc572b20c0e4bf9bfa7b10c6f5f73e783734%40%3Cdev.storm.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "url": "https://backdropcms.org/security/backdrop-sa-core-2019-009"
        },
        {
          "url": "https://blog.jquery.com/2019/04/10/jquery-3-4-0-released/"
        },
        {
          "url": "https://snyk.io/vuln/SNYK-JS-JQUERY-174006"
        },
        {
          "url": "https://github.com/jquery/jquery/pull/4333"
        },
        {
          "url": "https://github.com/jquery/jquery/commit/753d591aea698e57d6db58c9f722cd0808619b1b"
        },
        {
          "url": "https://www.privacy-wise.com/mitigating-cve-2019-11358-in-old-versions-of-jquery/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "url": "https://kb.pulsesecure.net/articles/Pulse_Security_Advisories/SA44601"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://supportportal.juniper.net/s/article/2021-07-Security-Bulletin-Junos-OS-Multiple-J-Web-vulnerabilities-resolved-in-Junos-OS-21-2R1"
        },
        {
          "name": "[debian-lts-announce] 20230831 [SECURITY] [DLA 3551-1] otrs2 security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00040.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-11358",
    "datePublished": "2019-04-19T00:00:00",
    "dateReserved": "2019-04-19T00:00:00",
    "dateUpdated": "2024-11-15T15:11:23.024Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17091
Vulnerability from cvelistv5
Published
2019-10-02 13:58
Modified
2024-08-05 01:33
Severity ?
Summary
faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled.
References
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244x_refsource_MISC
https://github.com/eclipse-ee4j/mojarra/pull/4567x_refsource_MISC
https://github.com/eclipse-ee4j/mojarra/issues/4556x_refsource_MISC
https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txtx_refsource_MISC
https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASEx_refsource_MISC
https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dceex_refsource_MISC
https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81fx_refsource_MISC
https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20x_refsource_MISC
https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fex_refsource_MISC
https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:33:16.741Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse-ee4j/mojarra/pull/4567"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse-ee4j/mojarra/issues/4556"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T14:40:08",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eclipse-ee4j/mojarra/pull/4567"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eclipse-ee4j/mojarra/issues/4556"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17091",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "faces/context/PartialViewContextImpl.java in Eclipse Mojarra, as used in Mojarra for Eclipse EE4J before 2.3.10 and Mojarra JavaServer Faces before 2.2.20, allows Reflected XSS because a client window field is mishandled."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244",
              "refsource": "MISC",
              "url": "https://bugs.eclipse.org/bugs/show_bug.cgi?id=548244"
            },
            {
              "name": "https://github.com/eclipse-ee4j/mojarra/pull/4567",
              "refsource": "MISC",
              "url": "https://github.com/eclipse-ee4j/mojarra/pull/4567"
            },
            {
              "name": "https://github.com/eclipse-ee4j/mojarra/issues/4556",
              "refsource": "MISC",
              "url": "https://github.com/eclipse-ee4j/mojarra/issues/4556"
            },
            {
              "name": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt",
              "refsource": "MISC",
              "url": "https://github.com/eclipse-ee4j/mojarra/files/3039198/advisory.txt"
            },
            {
              "name": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE",
              "refsource": "MISC",
              "url": "https://github.com/eclipse-ee4j/mojarra/compare/2.3.9-RELEASE...2.3.10-RELEASE"
            },
            {
              "name": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee",
              "refsource": "MISC",
              "url": "https://github.com/eclipse-ee4j/mojarra/commit/8f70f2bd024f00ecd5b3dcca45df73edda29dcee"
            },
            {
              "name": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f",
              "refsource": "MISC",
              "url": "https://github.com/eclipse-ee4j/mojarra/commit/a3fa9573789ed5e867c43ea38374f4dbd5a8f81f"
            },
            {
              "name": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20",
              "refsource": "MISC",
              "url": "https://github.com/javaserverfaces/mojarra/compare/2.2.19...2.2.20"
            },
            {
              "name": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe",
              "refsource": "MISC",
              "url": "https://github.com/javaserverfaces/mojarra/commit/ae1c234d0a6750822ac69d4ae26d90e3571f27fe"
            },
            {
              "name": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4",
              "refsource": "MISC",
              "url": "https://github.com/javaserverfaces/mojarra/commit/f61935cd39f34329fbf27b1972a506fbdd0ab4d4"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17091",
    "datePublished": "2019-10-02T13:58:49",
    "dateReserved": "2019-10-02T00:00:00",
    "dateUpdated": "2024-08-05T01:33:16.741Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-12423
Vulnerability from cvelistv5
Published
2020-01-16 17:42
Modified
2024-08-04 23:17
Severity ?
Summary
Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter "rs.security.keystore.type" to "jwk". For this case all keys are returned in this file "as is", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. "oct" keys, which contain secret keys, are not returned at all.
References
https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c%40%3Cannounce.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1&modificationDate=1579178393000&api=v2x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T23:17:40.033Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[announce] 20200116 [CVE-2019-12423] - Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk keystore",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1\u0026modificationDate=1579178393000\u0026api=v2"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "CXF",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "All versions of Apache CXF prior to 3.3.5 and 3.2.12."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-16T11:07:43",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[announce] 20200116 [CVE-2019-12423] - Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk keystore",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1\u0026modificationDate=1579178393000\u0026api=v2"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-12423",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "CXF",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All versions of Apache CXF prior to 3.3.5 and 3.2.12."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache CXF ships with a OpenId Connect JWK Keys service, which allows a client to obtain the public keys in JWK format, which can then be used to verify the signature of tokens issued by the service. Typically, the service obtains the public key from a local keystore (JKS/PKCS12) by specifing the path of the keystore and the alias of the keystore entry. This case is not vulnerable. However it is also possible to obtain the keys from a JWK keystore file, by setting the configuration parameter \"rs.security.keystore.type\" to \"jwk\". For this case all keys are returned in this file \"as is\", including all private key and secret key credentials. This is an obvious security risk if the user has configured the signature keystore file with private or secret key credentials. From CXF 3.3.5 and 3.2.12, it is mandatory to specify an alias corresponding to the id of the key in the JWK file, and only this key is returned. In addition, any private key information is omitted by default. \"oct\" keys, which contain secret keys, are not returned at all."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[announce] 20200116 [CVE-2019-12423] - Apache CXF OpenId Connect JWK Keys service returns private/secret credentials if configured with a jwk keystore",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd588ff96f18563aeb5f87ac8c6bce7aae86cb1a4d4be483f96e7208c@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20200319 svn commit: r1058035 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2019-17573.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r36e44ffc1a9b365327df62cdfaabe85b9a5637de102cea07d79b2dbf@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20200401 svn commit: r1058573 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2020-1954.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rff42cfa5e7d75b7c1af0e37589140a8f1999e578a75738740b244bd4@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1\u0026modificationDate=1579178393000\u0026api=v2",
              "refsource": "CONFIRM",
              "url": "http://cxf.apache.org/security-advisories.data/CVE-2019-12423.txt.asc?version=1\u0026modificationDate=1579178393000\u0026api=v2"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2019-12423",
    "datePublished": "2020-01-16T17:42:14",
    "dateReserved": "2019-05-28T00:00:00",
    "dateUpdated": "2024-08-04T23:17:40.033Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-11039
Vulnerability from cvelistv5
Published
2018-06-25 15:00
Modified
2024-09-16 22:08
Severity ?
Summary
Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.
References
http://www.securityfocus.com/bid/107984vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://pivotal.io/security/cve-2018-11039x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:36.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107984",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107984"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-11039"
          },
          {
            "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Pivotal",
          "versions": [
            {
              "lessThan": "5.0.7",
              "status": "affected",
              "version": "5.0.x",
              "versionType": "custom"
            },
            {
              "lessThan": "4.3.18",
              "status": "affected",
              "version": "4.3.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross Site Tracing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:37:56",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "107984",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107984"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-11039"
        },
        {
          "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-06-14T04:00:00.000Z",
          "ID": "CVE-2018-11039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "5.0.x",
                            "version_value": "5.0.7"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "4.3.x",
                            "version_value": "4.3.18"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross Site Tracing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107984",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107984"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-11039",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-11039"
            },
            {
              "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-11039",
    "datePublished": "2018-06-25T15:00:00Z",
    "dateReserved": "2018-05-14T00:00:00",
    "dateUpdated": "2024-09-16T22:08:49.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-2729
Vulnerability from cvelistv5
Published
2019-06-19 22:24
Modified
2024-10-15 19:01
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.htmlx_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:56:45.635Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-2729",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:36:35.595997Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T19:01:01.374Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebLogic Server",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "10.3.6.0.0"
            },
            {
              "status": "affected",
              "version": "12.1.3.0.0"
            },
            {
              "status": "affected",
              "version": "12.2.1.3.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:43:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2019-2729",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WebLogic Server",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "10.3.6.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "12.1.3.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "12.2.1.3.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server.  Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html",
              "refsource": "MISC",
              "url": "http://www.oracle.com/technetwork/security-advisory/alert-cve-2019-2729-5570780.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155886/Oracle-Weblogic-10.3.6.0.0-Remote-Command-Execution.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2019-2729",
    "datePublished": "2019-06-19T22:24:10",
    "dateReserved": "2018-12-14T00:00:00",
    "dateUpdated": "2024-10-15T19:01:01.374Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-21703
Vulnerability from cvelistv5
Published
2021-10-25 05:40
Modified
2024-09-17 03:02
Severity ?
7.8 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Summary
In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user.
References
https://bugs.php.net/bug.php?id=81026x_refsource_MISC
https://www.debian.org/security/2021/dsa-4992vendor-advisory, x_refsource_DEBIAN
https://www.debian.org/security/2021/dsa-4993vendor-advisory, x_refsource_DEBIAN
http://www.openwall.com/lists/oss-security/2021/10/26/7mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/10/msg00021.htmlmailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20211118-0003/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://security.gentoo.org/glsa/202209-20vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:23:29.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=81026"
          },
          {
            "name": "DSA-4992",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4992"
          },
          {
            "name": "DSA-4993",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4993"
          },
          {
            "name": "[oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 \u003c= 8.0.12 Local Root",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
          },
          {
            "name": "[debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
          },
          {
            "name": "FEDORA-2021-9f68f5f752",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/"
          },
          {
            "name": "FEDORA-2021-4140b54de2",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"
          },
          {
            "name": "FEDORA-2021-02d218c3be",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "GLSA-202209-20",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202209-20"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThanOrEqual": "7.3.31",
              "status": "affected",
              "version": "7.3.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.25",
              "status": "affected",
              "version": "7.4.x",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.12",
              "status": "affected",
              "version": "8.0.X",
              "versionType": "custom"
            }
          ]
        }
      ],
      "configurations": [
        {
          "lang": "en",
          "value": "PHP FPM is being used with the main process having higher privileges than the worker processes."
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by Charles Fol"
        }
      ],
      "datePublic": "2021-10-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-787",
              "description": "CWE-787 Out-of-bounds Write",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-284",
              "description": "CWE-284 Improper Access Control",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-09-29T16:06:50",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=81026"
        },
        {
          "name": "DSA-4992",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4992"
        },
        {
          "name": "DSA-4993",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4993"
        },
        {
          "name": "[oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 \u003c= 8.0.12 Local Root",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
        },
        {
          "name": "[debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
        },
        {
          "name": "FEDORA-2021-9f68f5f752",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/"
        },
        {
          "name": "FEDORA-2021-4140b54de2",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"
        },
        {
          "name": "FEDORA-2021-02d218c3be",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "GLSA-202209-20",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202209-20"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=81026"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "PHP-FPM memory access in root process leading to privilege escalation",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2021-10-18T22:40:00.000Z",
          "ID": "CVE-2021-21703",
          "STATE": "PUBLIC",
          "TITLE": "PHP-FPM memory access in root process leading to privilege escalation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c=",
                            "version_name": "7.3.x",
                            "version_value": "7.3.31"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.4.x",
                            "version_value": "7.4.25"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.0.X",
                            "version_value": "8.0.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "configuration": [
          {
            "lang": "en",
            "value": "PHP FPM is being used with the main process having higher privileges than the worker processes."
          }
        ],
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by Charles Fol"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHP versions 7.3.x up to and including 7.3.31, 7.4.x below 7.4.25 and 8.0.x below 8.0.12, when running PHP FPM SAPI with main FPM daemon process running as root and child worker processes running as lower-privileged users, it is possible for the child processes to access memory shared with the main process and write to it, modifying it in a way that would cause the root process to conduct invalid memory reads and writes, which can be used to escalate privileges from local unprivileged user to the root user."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-787 Out-of-bounds Write"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-284 Improper Access Control"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=81026",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=81026"
            },
            {
              "name": "DSA-4992",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4992"
            },
            {
              "name": "DSA-4993",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4993"
            },
            {
              "name": "[oss-security] 20211026 CVE-2021-21703: PHP-FPM 5.3.7 \u003c= 8.0.12 Local Root",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/26/7"
            },
            {
              "name": "[debian-lts-announce] 20211027 [SECURITY] [DLA 2794-1] php7.0 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00021.html"
            },
            {
              "name": "FEDORA-2021-9f68f5f752",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JO5RA6YOBGGGKLIA6F6BQRZDDECF5L3R/"
            },
            {
              "name": "FEDORA-2021-4140b54de2",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PBM3KKB3RY2YPOKNMC4HIH7IH3T3WC74/"
            },
            {
              "name": "FEDORA-2021-02d218c3be",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6PZVLICZUJMXOGWOUWSBAEGIVTF6Y6V3/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211118-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211118-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "GLSA-202209-20",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202209-20"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=81026"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2021-21703",
    "datePublished": "2021-10-25T05:40:08.576727Z",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-09-17T03:02:55.020Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5397
Vulnerability from cvelistv5
Published
2020-01-17 18:50
Modified
2024-09-17 01:45
Severity ?
5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Summary
Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack.
References
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://pivotal.io/security/cve-2020-5397x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:23.996Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2020-5397"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "v5.2.3.RELEASE",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:23:10",
        "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "shortName": "pivotal"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2020-5397"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@pivotal.io",
          "DATE_PUBLIC": "2020-01-16T00:00:00.000Z",
          "ID": "CVE-2020-5397",
          "STATE": "PUBLIC",
          "TITLE": "CSRF Attack via CORS Preflight Requests with Spring MVC or Spring WebFlux"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "5.2",
                            "version_value": "v5.2.3.RELEASE"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework, versions 5.2.x prior to 5.2.3 are vulnerable to CSRF attacks through CORS preflight requests that target Spring MVC (spring-webmvc module) or Spring WebFlux (spring-webflux module) endpoints. Only non-authenticated endpoints are vulnerable because preflight requests should not include credentials and therefore requests should fail authentication. However a notable exception to this are Chrome based browsers when using client certificates for authentication since Chrome sends TLS client certificates in CORS preflight requests in violation of spec requirements. No HTTP body can be sent or received as a result of this attack."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2020-5397",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2020-5397"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
    "assignerShortName": "pivotal",
    "cveId": "CVE-2020-5397",
    "datePublished": "2020-01-17T18:50:12.742951Z",
    "dateReserved": "2020-01-03T00:00:00",
    "dateUpdated": "2024-09-17T01:45:35.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-15095
Vulnerability from cvelistv5
Published
2018-02-06 15:00
Modified
2024-09-16 22:57
Severity ?
Summary
A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously.
References
https://access.redhat.com/errata/RHSA-2018:1448vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103880vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:0479vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0481vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1449vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1450vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0577vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0576vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3190vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1451vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:3189vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2927vendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1039769vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:0342vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0480vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1447vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:0478vendor-advisory, x_refsource_REDHAT
https://www.debian.org/security/2017/dsa-4037vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2019:2858vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3149vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3892vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/01/msg00037.htmlmailing-list, x_refsource_MLIST
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20171214-0003/x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1737x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/1680x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:50:14.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:1448",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1448"
          },
          {
            "name": "103880",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103880"
          },
          {
            "name": "RHSA-2018:0479",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0479"
          },
          {
            "name": "RHSA-2018:0481",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0481"
          },
          {
            "name": "RHSA-2018:1449",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1449"
          },
          {
            "name": "RHSA-2018:1450",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1450"
          },
          {
            "name": "RHSA-2018:0577",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0577"
          },
          {
            "name": "RHSA-2018:0576",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0576"
          },
          {
            "name": "RHSA-2017:3190",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3190"
          },
          {
            "name": "RHSA-2018:1451",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1451"
          },
          {
            "name": "RHSA-2017:3189",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:3189"
          },
          {
            "name": "RHSA-2018:2927",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2927"
          },
          {
            "name": "1039769",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1039769"
          },
          {
            "name": "RHSA-2018:0342",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0342"
          },
          {
            "name": "RHSA-2018:0480",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0480"
          },
          {
            "name": "RHSA-2018:1447",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1447"
          },
          {
            "name": "RHSA-2018:0478",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0478"
          },
          {
            "name": "DSA-4037",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2017/dsa-4037"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20171214-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/1737"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/1680"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "jackson-databind",
          "vendor": "FasterXML",
          "versions": [
            {
              "status": "affected",
              "version": "before 2.8.10"
            },
            {
              "status": "affected",
              "version": "before 2.9.1"
            }
          ]
        }
      ],
      "datePublic": "2017-06-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-184",
              "description": "CWE-184",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T21:14:51",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2018:1448",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1448"
        },
        {
          "name": "103880",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103880"
        },
        {
          "name": "RHSA-2018:0479",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0479"
        },
        {
          "name": "RHSA-2018:0481",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0481"
        },
        {
          "name": "RHSA-2018:1449",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1449"
        },
        {
          "name": "RHSA-2018:1450",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1450"
        },
        {
          "name": "RHSA-2018:0577",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0577"
        },
        {
          "name": "RHSA-2018:0576",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0576"
        },
        {
          "name": "RHSA-2017:3190",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3190"
        },
        {
          "name": "RHSA-2018:1451",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1451"
        },
        {
          "name": "RHSA-2017:3189",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:3189"
        },
        {
          "name": "RHSA-2018:2927",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2927"
        },
        {
          "name": "1039769",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1039769"
        },
        {
          "name": "RHSA-2018:0342",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0342"
        },
        {
          "name": "RHSA-2018:0480",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0480"
        },
        {
          "name": "RHSA-2018:1447",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1447"
        },
        {
          "name": "RHSA-2018:0478",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0478"
        },
        {
          "name": "DSA-4037",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2017/dsa-4037"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629%40%3Csolr-user.lucene.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20171214-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/1737"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/1680"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "DATE_PUBLIC": "2017-06-27T00:00:00",
          "ID": "CVE-2017-15095",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "jackson-databind",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "before 2.8.10"
                          },
                          {
                            "version_value": "before 2.9.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "FasterXML"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A deserialization flaw was discovered in the jackson-databind in versions before 2.8.10 and 2.9.1, which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. This issue extends the previous flaw CVE-2017-7525 by blacklisting more classes that could be used maliciously."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-184"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:1448",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1448"
            },
            {
              "name": "103880",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103880"
            },
            {
              "name": "RHSA-2018:0479",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0479"
            },
            {
              "name": "RHSA-2018:0481",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0481"
            },
            {
              "name": "RHSA-2018:1449",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1449"
            },
            {
              "name": "RHSA-2018:1450",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1450"
            },
            {
              "name": "RHSA-2018:0577",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0577"
            },
            {
              "name": "RHSA-2018:0576",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0576"
            },
            {
              "name": "RHSA-2017:3190",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3190"
            },
            {
              "name": "RHSA-2018:1451",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1451"
            },
            {
              "name": "RHSA-2017:3189",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:3189"
            },
            {
              "name": "RHSA-2018:2927",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2927"
            },
            {
              "name": "1039769",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1039769"
            },
            {
              "name": "RHSA-2018:0342",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0342"
            },
            {
              "name": "RHSA-2018:0480",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0480"
            },
            {
              "name": "RHSA-2018:1447",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1447"
            },
            {
              "name": "RHSA-2018:0478",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0478"
            },
            {
              "name": "DSA-4037",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2017/dsa-4037"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "[lucene-solr-user] 20191219 Re: CVE-2017-7525 fix for Solr 7.7.x",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f095a791bda6c0595f691eddd0febb2d396987eec5cbd29120d8c629@%3Csolr-user.lucene.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200131 [SECURITY] [DLA 2091-1] libjackson-json-java security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/01/msg00037.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20171214-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20171214-0003/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/1737",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/1737"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/1680",
              "refsource": "CONFIRM",
              "url": "https://github.com/FasterXML/jackson-databind/issues/1680"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-15095",
    "datePublished": "2018-02-06T15:00:00Z",
    "dateReserved": "2017-10-08T00:00:00",
    "dateUpdated": "2024-09-16T22:57:07.488Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-5398
Vulnerability from cvelistv5
Published
2020-01-16 23:55
Modified
2024-09-16 17:43
Severity ?
8.0 (High) - CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a "Content-Disposition" header in the response where the filename attribute is derived from user supplied input.
References
https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3Ccommits.camel.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3Cdev.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3Cdev.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3Cissues.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3Cissues.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3Cissues.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3Cissues.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3Cissues.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3Cissues.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3Cissues.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3Cissues.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3Ccommits.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3Cissues.karaf.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://pivotal.io/security/cve-2020-5398x_refsource_CONFIRM
https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3Ccommits.servicecomb.apache.org%3Ex_refsource_MISC
https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3Ccommits.servicecomb.apache.org%3Ex_refsource_MISC
https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3Ccommits.servicecomb.apache.org%3Ex_refsource_MISC
https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3Cdev.rocketmq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3Cdev.rocketmq.apache.org%3Ex_refsource_MISC
https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3Cdev.rocketmq.apache.org%3Ex_refsource_MISC
https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3Cdev.rocketmq.apache.org%3Ex_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20210917-0006/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:30:24.114Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[camel-commits] 20200220 [camel] branch camel-2.25.x updated: Updating Spring due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[geode-dev] 20200410 Proposal to bring GEODE-7970 to support/1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3Cdev.geode.apache.org%3E"
          },
          {
            "name": "[geode-dev] 20200410 Re: Proposal to bring GEODE-7970 to support/1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3Cdev.geode.apache.org%3E"
          },
          {
            "name": "[karaf-issues] 20200514 [jira] [Created] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3Cissues.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-issues] 20200514 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3Cissues.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200514 [GitHub] [karaf] coheigea opened a new pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-issues] 20200514 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3Cissues.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200514 [GitHub] [karaf] skitt commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200514 [GitHub] [karaf] coheigea commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3Cissues.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-issues] 20200517 [jira] [Assigned] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3Cissues.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3Cissues.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-issues] 20200517 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3Cissues.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-issues] 20200518 [jira] [Commented] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3Cissues.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200518 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200518 [GitHub] [karaf] jbonofre removed a comment on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200518 [GitHub] [karaf] jbonofre merged pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200518 [karaf] branch karaf-4.2.x updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-commits] 20200518 [karaf] branch master updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3Ccommits.karaf.apache.org%3E"
          },
          {
            "name": "[karaf-issues] 20200518 [jira] [Resolved] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3Cissues.karaf.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2020-5398"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3Ccommits.servicecomb.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3Ccommits.servicecomb.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3Ccommits.servicecomb.apache.org%3E"
          },
          {
            "name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
          },
          {
            "name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
          },
          {
            "name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
          },
          {
            "name": "[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[rocketmq-dev] 20210317 [GitHub] [rocketmq-externals] vongosling commented on issue #690: Spring Framework CVE-2020-5398",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3Cdev.rocketmq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210917-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Spring",
          "versions": [
            {
              "lessThan": "v5.0.16.RELEASE",
              "status": "affected",
              "version": "5.0",
              "versionType": "custom"
            },
            {
              "lessThan": "v5.1.13.RELEASE",
              "status": "affected",
              "version": "5.1",
              "versionType": "custom"
            },
            {
              "lessThan": "v5.2.3.RELEASE",
              "status": "affected",
              "version": "5.2",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2020-01-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a \"Content-Disposition\" header in the response where the filename attribute is derived from user supplied input."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Cross-site Scripting (XSS) - Reflected",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:23:21",
        "orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
        "shortName": "pivotal"
      },
      "references": [
        {
          "name": "[camel-commits] 20200220 [camel] branch camel-2.25.x updated: Updating Spring due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[geode-dev] 20200410 Proposal to bring GEODE-7970 to support/1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f%40%3Cdev.geode.apache.org%3E"
        },
        {
          "name": "[geode-dev] 20200410 Re: Proposal to bring GEODE-7970 to support/1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc%40%3Cdev.geode.apache.org%3E"
        },
        {
          "name": "[karaf-issues] 20200514 [jira] [Created] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d%40%3Cissues.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-issues] 20200514 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090%40%3Cissues.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200514 [GitHub] [karaf] coheigea opened a new pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-issues] 20200514 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc%40%3Cissues.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200514 [GitHub] [karaf] skitt commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200514 [GitHub] [karaf] coheigea commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048%40%3Cissues.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-issues] 20200517 [jira] [Assigned] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b%40%3Cissues.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682%40%3Cissues.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-issues] 20200517 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf%40%3Cissues.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-issues] 20200518 [jira] [Commented] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163%40%3Cissues.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200518 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200518 [GitHub] [karaf] jbonofre removed a comment on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200518 [GitHub] [karaf] jbonofre merged pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200518 [karaf] branch karaf-4.2.x updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-commits] 20200518 [karaf] branch master updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc%40%3Ccommits.karaf.apache.org%3E"
        },
        {
          "name": "[karaf-issues] 20200518 [jira] [Resolved] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad%40%3Cissues.karaf.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2020-5398"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46%40%3Ccommits.servicecomb.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d%40%3Ccommits.servicecomb.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a%40%3Ccommits.servicecomb.apache.org%3E"
        },
        {
          "name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
        },
        {
          "name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
        },
        {
          "name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
        },
        {
          "name": "[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[rocketmq-dev] 20210317 [GitHub] [rocketmq-externals] vongosling commented on issue #690: Spring Framework CVE-2020-5398",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d%40%3Cdev.rocketmq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210917-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "RFD Attack via \"Content-Disposition\"  Header Sourced from Request Input by Spring MVC or Spring WebFlux Application",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@pivotal.io",
          "DATE_PUBLIC": "2020-01-16T00:00:00.000Z",
          "ID": "CVE-2020-5398",
          "STATE": "PUBLIC",
          "TITLE": "RFD Attack via \"Content-Disposition\"  Header Sourced from Request Input by Spring MVC or Spring WebFlux Application"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "5.0",
                            "version_value": "v5.0.16.RELEASE"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "5.1",
                            "version_value": "v5.1.13.RELEASE"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "5.2",
                            "version_value": "v5.2.3.RELEASE"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Spring Framework, versions 5.2.x prior to 5.2.3, versions 5.1.x prior to 5.1.13, and versions 5.0.x prior to 5.0.16, an application is vulnerable to a reflected file download (RFD) attack when it sets a \"Content-Disposition\" header in the response where the filename attribute is derived from user supplied input."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-79: Cross-site Scripting (XSS) - Reflected"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[camel-commits] 20200220 [camel] branch camel-2.25.x updated: Updating Spring due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf8dc72b974ee74f17bce661ea7d124e733a1f4c4f236354ac0cf48e8@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[geode-dev] 20200410 Proposal to bring GEODE-7970 to support/1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc05acaacad089613e9642f939b3a44f7199b5537493945c3e045287f@%3Cdev.geode.apache.org%3E"
            },
            {
              "name": "[geode-dev] 20200410 Re: Proposal to bring GEODE-7970 to support/1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdcaadaa9a68b31b7d093d76eacfaacf6c7a819f976b595c75ad2d4dc@%3Cdev.geode.apache.org%3E"
            },
            {
              "name": "[karaf-issues] 20200514 [jira] [Created] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7361bfe84bde9d233f9800c3a96673e7bd81207549ced0236f07a29d@%3Cissues.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-issues] 20200514 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9fb1ee08cf337d16c3364feb0f35a072438c1a956afd7b77859aa090@%3Cissues.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200514 [GitHub] [karaf] coheigea opened a new pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0f3530f7cb510036e497532ffc4e0bd0b882940448cf4e233994b08b@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-issues] 20200514 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8736185eb921022225a83e56d7285a217fd83f5524bd64a6ca3bf5cc@%3Cissues.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200514 [GitHub] [karaf] skitt commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7d5e518088e2e778928b02bcd3be3b948b59acefe2f0ebb57ec2ebb0@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200514 [GitHub] [karaf] coheigea commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3765353ff434fd00d8fa5a44734b3625a06eeb2a3fb468da7dfae134@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rab0de39839b4c208dcd73f01e12899dc453361935a816a784548e048@%3Cissues.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-issues] 20200517 [jira] [Assigned] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1bc5d673c01cfbb8e4a91914e9748ead3e5f56b61bca54d314c0419b@%3Cissues.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-issues] 20200517 [jira] [Updated] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4b1886e82cc98ef38f582fef7d4ea722e3fcf46637cd4674926ba682@%3Cissues.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/reaa8a6674baf2724b1b88a621b0d72d9f7a6f5577c88759842c16eb6@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200517 [GitHub] [karaf] jbonofre commented on a change in pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r74f81f93a9b69140fe41e236afa7cbe8dfa75692e7ab31a468fddaa0@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-issues] 20200517 [jira] [Commented] (KARAF-6721) Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r028977b9b9d44a89823639aa3296fb0f0cfdd76b4450df89d3c4fbbf@%3Cissues.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-issues] 20200518 [jira] [Commented] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2dfd5b331b46d3f90c4dd63a060e9f04300468293874bd7e41af7163@%3Cissues.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200518 [GitHub] [karaf] jbonofre commented on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8cc37a60a5056351377ee5f1258f2a4fdd39822a257838ba6bcc1e88@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200518 [GitHub] [karaf] jbonofre removed a comment on pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1accbd4f31ad2f40e1661d70a4510a584eb3efd1e32e8660ccf46676@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200518 [GitHub] [karaf] jbonofre merged pull request #1118: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb4d1fc078f086ec2e98b2693e8b358e58a6a4ef903ceed93a1ee2b18@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200518 [karaf] branch karaf-4.2.x updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6dac0e365d1b2df9a7ffca12b4195181ec14ff0abdf59e1fdb088ce5@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-commits] 20200518 [karaf] branch master updated: KARAF-6721 - Update Spring versions due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4639e821ef9ca6ca10887988f410a60261400a7766560e7a97a22efc@%3Ccommits.karaf.apache.org%3E"
            },
            {
              "name": "[karaf-issues] 20200518 [jira] [Resolved] (KARAF-6721) Upgrade to Spring 5.1.14.RELEASE and 5.2.5.RELEASE due to CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0f2d0ae1bad2edb3d4a863d77f3097b5e88cfbdae7b809f4f42d6aad@%3Cissues.karaf.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2020-5398",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2020-5398"
            },
            {
              "name": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46@%3Ccommits.servicecomb.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r712a6fce928e24e7b6ec30994a7e115a70f1f6e4cf2c2fbf0347ce46@%3Ccommits.servicecomb.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d@%3Ccommits.servicecomb.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/ra996b56e1f5ab2fed235a8b91fa0cc3cf34c2e9fee290b7fa4380a0d@%3Ccommits.servicecomb.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3Ccommits.servicecomb.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r881fb5a95ab251106fed38f836257276feb026bfe01290e72ff91c2a@%3Ccommits.servicecomb.apache.org%3E"
            },
            {
              "name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E"
            },
            {
              "name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E"
            },
            {
              "name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E"
            },
            {
              "name": "[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[rocketmq-dev] 20210317 [GitHub] [rocketmq-externals] vongosling commented on issue #690: Spring Framework CVE-2020-5398",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc9c7f96f08c8554225dba9050ea5e64bebc129d0d836303143fe3160@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3@%3Cdev.rocketmq.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/rded5291e25a4c4085a6d43cf262e479140198bf4eabb84986e0a1ef3@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6@%3Cdev.rocketmq.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r645408661a8df9158f49e337072df39838fa76da629a7e25a20928a6@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3Cdev.rocketmq.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r27552d2fa10d96f2810c50d16ad1fd1899e37796c81a0c5e7585a02d@%3Cdev.rocketmq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210917-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210917-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
    "assignerShortName": "pivotal",
    "cveId": "CVE-2020-5398",
    "datePublished": "2020-01-16T23:55:15.596268Z",
    "dateReserved": "2020-01-03T00:00:00",
    "dateUpdated": "2024-09-16T17:43:32.422Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-17359
Vulnerability from cvelistv5
Published
2019-10-08 13:39
Modified
2024-08-05 01:40
Severity ?
Summary
The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64.
References
https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.bouncycastle.org/releasenotes.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://www.bouncycastle.org/latest_releases.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20191024-0006/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:40:15.255Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Commented] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200320 [jira] [Assigned] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200322 [jira] [Updated] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200519 [jira] [Updated] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20200519 [jira] [Resolved] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.bouncycastle.org/releasenotes.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.bouncycastle.org/latest_releases.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20191024-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Commented] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200320 [jira] [Assigned] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200322 [jira] [Updated] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200519 [jira] [Updated] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20200519 [jira] [Resolved] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.bouncycastle.org/releasenotes.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.bouncycastle.org/latest_releases.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20191024-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-17359",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The ASN.1 parser in Bouncy Castle Crypto (aka BC Java) 1.63 can trigger a large attempted memory allocation, and resultant OutOfMemoryError error, via crafted ASN.1 data. This is fixed in 1.64."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tomee-commits] 20200320 [jira] [Created] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r467ade3fef3493f1fff1a68a256d087874e1f858ad1de7a49fe05d27@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Updated] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4d475dcaf4f57115fa57d8e06c3823ca398b35468429e7946ebaefdc@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Commented] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r16c3a90cb35ae8a9c74fd5c813c16d6ac255709c9f9d71cd409e007d@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200320 [jira] [Assigned] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r02f887807a49cfd1f1ad53f7a61f3f8e12f60ba2c930bec163031209@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200322 [jira] [Updated] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r91b07985b1307390a58c5b9707f0b28ef8e9c9e1c86670459f20d601@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200323 [jira] [Commented] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re60f980c092ada4bfe236dcfef8b6ca3e8f3b150fc0f51b8cc13d59d@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200519 [jira] [Updated] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8ecb5b76347f84b6e3c693f980dbbead88c25f77b815053c4e6f2c30@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20200519 [jira] [Resolved] (TOMEE-2788) TomEE plus is affected by CVE-2019-17359 (BDSA-2019-3168) vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r79b6a6aa0dd1aeb57bd253d94794bc96f1ec005953c4bd5414cc0db0@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.bouncycastle.org/releasenotes.html",
              "refsource": "MISC",
              "url": "https://www.bouncycastle.org/releasenotes.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.bouncycastle.org/latest_releases.html",
              "refsource": "MISC",
              "url": "https://www.bouncycastle.org/latest_releases.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20191024-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20191024-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-17359",
    "datePublished": "2019-10-08T13:39:54",
    "dateReserved": "2019-10-08T00:00:00",
    "dateUpdated": "2024-08-05T01:40:15.255Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-34429
Vulnerability from cvelistv5
Published
2021-07-15 17:00
Modified
2024-08-04 00:12
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Summary
For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 & 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5.
References
https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vmx_refsource_CONFIRM
https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20210819-0006/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T00:12:50.169Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
          },
          {
            "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"
          },
          {
            "name": "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Eclipse Jetty",
          "vendor": "The Eclipse Foundation",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.4.37",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "9.4.42",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "10.0.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "10.0.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "11.0.1",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "11.0.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-200",
              "description": "CWE-200",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-551",
              "description": "CWE-551",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:29:06",
        "orgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
        "shortName": "eclipse"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
        },
        {
          "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1%40%3Cdev.santuario.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857%40%3Ccommits.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64%40%3Ccommits.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe%40%3Ccommits.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e%40%3Cdev.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c%40%3Cjira.kafka.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398%40%3Ccommits.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c%40%3Cdev.hbase.apache.org%3E"
        },
        {
          "name": "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba%40%3Cissues.hbase.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@eclipse.org",
          "ID": "CVE-2021-34429",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Eclipse Jetty",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.4.37"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "9.4.42"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "10.0.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "10.0.5"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "11.0.1"
                          },
                          {
                            "version_affected": "\u003c=",
                            "version_value": "11.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "The Eclipse Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "For Eclipse Jetty versions 9.4.37-9.4.42, 10.0.1-10.0.5 \u0026 11.0.1-11.0.5, URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. This is a variation of the vulnerability reported in CVE-2021-28164/GHSA-v7ff-8wcx-gmc5."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 5.3,
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-200"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-551"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm",
              "refsource": "CONFIRM",
              "url": "https://github.com/eclipse/jetty.project/security/advisories/GHSA-vjv5-gp2w-65vm"
            },
            {
              "name": "[zookeeper-issues] 20210728 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7dd079fa0ac6f47ba1ad0af98d7d0276547b8a4e005f034fb1016951@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r90e7b4c42a96d74c219e448bee6a329ab0cd3205c44b63471d96c3ab@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20210728 [jira] [Created] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r763840320a80e515331cbc1e613fa93f25faf62e991974171a325c82@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210805 [jira] [Assigned] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2a3ea27cca2ac7352d392b023b72e824387bc9ff16ba245ec663bdc6@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210805 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8e6c116628c1277c3cf132012a66c46a0863fa2a3037c0707d4640d4@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg opened a new pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r029c0c6833c8bb6acb094733fd7b75029d633f47a92f1c9d14391fc0@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210805 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r46f748c1dc9cf9b6c1c18f6b5bfc3a869907f68f72e17666f2f30f24@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli opened a new issue #11659: Jetty is flagged with CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc26807be68748b3347decdcd03ae183622244b0b4cb09223d4b7e500@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] lhotari opened a new pull request #11660: [Security] Upgrade Jetty to 9.4.43.v20210629",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb33d65c3e5686f2e3b9bb8a032a44163b2f2ad9d31a8727338f213c1@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20210813 [GitHub] [pulsar] eolivelli closed issue #11659: Jetty is flagged with CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9e6158d72ef25077c2dc59fbddade2eacf7d259a2556c97a989f2fe8@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[santuario-dev] 20210817 [GitHub] [santuario-xml-security-java] dependabot[bot] opened a new pull request #52: Bump jetty.version from 9.4.42.v20210604 to 9.4.43.v20210629",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3aefe613abce594c71ace50088d2529bbde65d08b8e7ff2c2723aaa1@%3Cdev.santuario.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [jira] [Updated] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6e6f50c1ce1fb592cb43e913f5be23df104d50751465f8f1952ace0c@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r46900f74dbb7d168aeac43bf0e7f64825376bb7eb74d31a5b33344ce@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r679d96f981d4c92724090ed2d5e8565a1d655a72bb315550489f052e@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-commits] 20210817 [kafka] branch 2.8 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r02f940c27e997a277ff14e79e84551382e1081e8978b417e0c2b0857@%3Ccommits.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-commits] 20210817 [kafka] branch 2.7 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9d245c6c884bbc804a472116d730c1a01676bf24f93206a34923fc64@%3Ccommits.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-commits] 20210817 [kafka] branch 3.0 updated: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r756443e9d50af7e8c3df82e2c45105f452c8e8195ddbc0c00f58d5fe@%3Ccommits.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re5e9bb535db779506013ef8799dc2a299e77cdad6668aa94c456dba6@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-dev] 20210817 [jira] [Resolved] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4727d282b5c2d951057845a46065d59f6e33132edc0a14f41c26b01e@%3Cdev.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210817 [jira] [Assigned] (KAFKA-13209) Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re01890eef49d4201018f2c97e26536e3e75f441ecdbcf91986c3bc17@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210818 [GitHub] [kafka] jolshan opened a new pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re3de01414ccf682fe0951205f806dd8e94440798fd64c55a4941de3e@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[kafka-jira] 20210818 [GitHub] [kafka] omkreddy merged pull request #11224: KAFKA-13209: Upgrade jetty-server to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r74fdc446df551fe89a0a16957a1bfdaad19380e0c1afd30625685a9c@%3Cjira.kafka.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] ztzg commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5678d994d4dd8e7c838eed3bbc1a83a7f6bc62724b0cce67e8892a45@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210825 [GitHub] [zookeeper] eolivelli commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2e32390cb7aedb39069e5b18aa130ca53e766258518faee63c31d3ea@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210827 [GitHub] [zookeeper] nkalmar commented on pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcb157f55b9ae41b3076801de927c6fca1669c6d8eaf11a9df5dbeb46@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210901 [zookeeper] branch branch-3.7 updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r44ea39ca8110de7353bfec88f58aa3aa58a42bb324b8772512ee190c@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-commits] 20210901 [zookeeper] branch master updated: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0626f279ebf65506110a897e3a57ccd4072803ee5434b2503e070398@%3Ccommits.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-notifications] 20210901 [GitHub] [zookeeper] ztzg closed pull request #1734: ZOOKEEPER-4337: Bump jetty to 9.4.43.v20210629 (avoids CVE-2021-34429)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r48a93f2bc025acd7c7e341ed3864bfdeb75f0c768d41bc247e1a1f63@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20210901 [jira] [Resolved] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rcea249eb7a0d243f21696e4985de33f3780399bf7b31ea1f6d489b8b@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r833a4c8bdbbfeb8a2cd38238e7b59f83edd5c1a0e508b587fc551a46@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-dev] 20210921 [jira] [Created] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r721ab6a5fa8d45bec76714b674f5d4caed2ebfeca69ad1d6d4caae6c@%3Cdev.hbase.apache.org%3E"
            },
            {
              "name": "[hbase-issues] 20210921 [jira] [Commented] (HBASE-26292) Update jetty version to fix CVE-2021-34429",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re850203ef8700cb826534dd4a1cb9f5b07bb8f6f973b39ff7838d3ba@%3Cissues.hbase.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20211028 [jira] [Updated] (ZOOKEEPER-4337) CVE-2021-34429 in jetty 9.4.38.v20210224 in zookeeper 3.7.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3c55b0baa4dc38958ae147b2f216e212605f1071297f845e14477d36@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210819-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210819-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e51fbebd-6053-4e49-959f-1b94eeb69a2c",
    "assignerShortName": "eclipse",
    "cveId": "CVE-2021-34429",
    "datePublished": "2021-07-15T17:00:10",
    "dateReserved": "2021-06-09T00:00:00",
    "dateUpdated": "2024-08-04T00:12:50.169Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1257
Vulnerability from cvelistv5
Published
2018-05-11 20:00
Modified
2024-09-16 22:56
Severity ?
Summary
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
References
http://www.securityfocus.com/bid/104260vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:1809vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:3768vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://pivotal.io/security/cve-2018-1257x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:49.126Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104260",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104260"
          },
          {
            "name": "RHSA-2018:1809",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1809"
          },
          {
            "name": "RHSA-2018:3768",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:3768"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1257"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17"
            }
          ]
        }
      ],
      "datePublic": "2018-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "ReDoS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:00",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "104260",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104260"
        },
        {
          "name": "RHSA-2018:1809",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1809"
        },
        {
          "name": "RHSA-2018:3768",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:3768"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1257"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-05-09T00:00:00",
          "ID": "CVE-2018-1257",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "ReDoS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104260",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104260"
            },
            {
              "name": "RHSA-2018:1809",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1809"
            },
            {
              "name": "RHSA-2018:3768",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:3768"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1257",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1257"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1257",
    "datePublished": "2018-05-11T20:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-16T22:56:18.536Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-8013
Vulnerability from cvelistv5
Published
2018-05-24 16:00
Modified
2024-09-16 23:16
Severity ?
Summary
In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization.
References
http://www.securityfocus.com/bid/104252vdb-entry
https://lists.debian.org/debian-lts-announce/2018/05/msg00016.htmlmailing-list
https://www.debian.org/security/2018/dsa-4215vendor-advisory
https://usn.ubuntu.com/3661-1/vendor-advisory
https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3emailing-list
http://www.securitytracker.com/id/1040995vdb-entry
https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3Emailing-list
https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3Emailing-list
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
https://www.oracle.com/security-alerts/cpujul2020.html
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
https://xmlgraphics.apache.org/security.html
https://www.oracle.com/security-alerts/cpuoct2020.html
https://security.gentoo.org/glsa/202401-11vendor-advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T06:46:11.478Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104252",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104252"
          },
          {
            "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
          },
          {
            "name": "DSA-4215",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4215"
          },
          {
            "name": "USN-3661-1",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3661-1/"
          },
          {
            "name": "[xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e"
          },
          {
            "name": "1040995",
            "tags": [
              "vdb-entry",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040995"
          },
          {
            "name": "[xmlgraphics-commits] 20200615 svn commit: r1878851 - /xmlgraphics/site/trunk/content/security.mdtext",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E"
          },
          {
            "name": "[xmlgraphics-commits] 20200615 svn commit: r1878850 - /xmlgraphics/site/trunk/content/security.mdtext",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://xmlgraphics.apache.org/security.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "GLSA-202401-11",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202401-11"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Batik",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "1.0 - 1.9.1"
            }
          ]
        }
      ],
      "datePublic": "2018-05-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache Batik 1.x before 1.10, when deserializing subclass of `AbstractDocument`, the class takes a string from the inputStream as the class name which then use it to call the no-arg constructor of the class. Fix was to check the class type before calling newInstance in deserialization."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-01-07T11:06:17.409115",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "104252",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securityfocus.com/bid/104252"
        },
        {
          "name": "[debian-lts-announce] 20180525 [SECURITY] [DLA 1385-1] batik security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00016.html"
        },
        {
          "name": "DSA-4215",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4215"
        },
        {
          "name": "USN-3661-1",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://usn.ubuntu.com/3661-1/"
        },
        {
          "name": "[xmlgraphics-batik-dev] 20180523 [CVE-2018-8013] Apache Batik information disclosure vulnerability",
          "tags": [
            "mailing-list"
          ],
          "url": "https://mail-archives.apache.org/mod_mbox/xmlgraphics-batik-dev/201805.mbox/%3c000701d3f28f%24d01860a0%24704921e0%24%40gmail.com%3e"
        },
        {
          "name": "1040995",
          "tags": [
            "vdb-entry"
          ],
          "url": "http://www.securitytracker.com/id/1040995"
        },
        {
          "name": "[xmlgraphics-commits] 20200615 svn commit: r1878851 - /xmlgraphics/site/trunk/content/security.mdtext",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r9e90b4d1cf6ea87a79bb506541140dfbf4801f4463a7cee08126ee44%40%3Ccommits.xmlgraphics.apache.org%3E"
        },
        {
          "name": "[xmlgraphics-commits] 20200615 svn commit: r1878850 - /xmlgraphics/site/trunk/content/security.mdtext",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rc0a31867796043fbe59113fb654fe8b13309fe04f8935acb8d0fab19%40%3Ccommits.xmlgraphics.apache.org%3E"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "url": "https://xmlgraphics.apache.org/security.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "GLSA-202401-11",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202401-11"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2018-8013",
    "datePublished": "2018-05-24T16:00:00Z",
    "dateReserved": "2018-03-09T00:00:00",
    "dateUpdated": "2024-09-16T23:16:36.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-0222
Vulnerability from cvelistv5
Published
2019-03-28 21:16
Modified
2024-08-04 17:44
Severity ?
Summary
In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive.
References
https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3Emailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2019/03/27/2mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3Emailing-list, x_refsource_MLIST
http://www.securityfocus.com/bid/107622vdb-entry, x_refsource_BID
https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txtx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190502-0006/x_refsource_CONFIRM
https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/03/msg00004.htmlmailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/03/msg00005.htmlmailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:44:15.392Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[activemq-commits] 20190327 [CONF] Apache ActiveMQ \u003e Security Advisories",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-users] 20190327 CVE-2019-0222 - Apache ActiveMQ: Corrupt MQTT frame can cause broker shutdown",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-commits] 20190327 svn commit: r1042603 - /websites/production/activemq/content/security-advisories.data/CVE-2019-0222-announcement.txt",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-dev] 20190327 CVE-2019-0222 - Apache ActiveMQ: Corrupt MQTT frame can cause broker shutdown",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E"
          },
          {
            "name": "[oss-security] 20190327 [ANNOUNCE] CVE-2019-0222 - Apache ActiveMQ: Corrupt MQTT frame can cause broker shutdown",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2019/03/27/2"
          },
          {
            "name": "[activemq-dev] 20190327 Re: Website",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-dev] 20190328 Re: Website",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E"
          },
          {
            "name": "107622",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107622"
          },
          {
            "name": "[activemq-commits] 20200514 [activemq-website] branch master updated: Publish CVE-2020-1941 security advisory",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190502-0006/"
          },
          {
            "name": "[activemq-commits] 20200910 [activemq-website] branch master updated: Publish CVE-2020-11998",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2582-1] mqtt-client security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html"
          },
          {
            "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2583-1] activemq security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache ActiveMQ",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "Apache ActiveMQ 5.0.0 - 5.15.8"
            }
          ]
        }
      ],
      "datePublic": "2019-03-25T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-05T18:06:23",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[activemq-commits] 20190327 [CONF] Apache ActiveMQ \u003e Security Advisories",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-users] 20190327 CVE-2019-0222 - Apache ActiveMQ: Corrupt MQTT frame can cause broker shutdown",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488%40%3Cusers.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-commits] 20190327 svn commit: r1042603 - /websites/production/activemq/content/security-advisories.data/CVE-2019-0222-announcement.txt",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-dev] 20190327 CVE-2019-0222 - Apache ActiveMQ: Corrupt MQTT frame can cause broker shutdown",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485%40%3Cdev.activemq.apache.org%3E"
        },
        {
          "name": "[oss-security] 20190327 [ANNOUNCE] CVE-2019-0222 - Apache ActiveMQ: Corrupt MQTT frame can cause broker shutdown",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2019/03/27/2"
        },
        {
          "name": "[activemq-dev] 20190327 Re: Website",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b%40%3Cdev.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-dev] 20190328 Re: Website",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1%40%3Cdev.activemq.apache.org%3E"
        },
        {
          "name": "107622",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107622"
        },
        {
          "name": "[activemq-commits] 20200514 [activemq-website] branch master updated: Publish CVE-2020-1941 security advisory",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190502-0006/"
        },
        {
          "name": "[activemq-commits] 20200910 [activemq-website] branch master updated: Publish CVE-2020-11998",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2582-1] mqtt-client security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html"
        },
        {
          "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2583-1] activemq security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2019-0222",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache ActiveMQ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache ActiveMQ 5.0.0 - 5.15.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache ActiveMQ 5.0.0 - 5.15.8, unmarshalling corrupt MQTT frame can lead to broker Out of Memory exception making it unresponsive."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[activemq-commits] 20190327 [CONF] Apache ActiveMQ \u003e Security Advisories",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2b5c0039197a4949f29e1e2c9441ab38d242946b966f61c110808bcc@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-users] 20190327 CVE-2019-0222 - Apache ActiveMQ: Corrupt MQTT frame can cause broker shutdown",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/7da9636557118178b1690ba0af49c8a7b7b97d925218b5774622f488@%3Cusers.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-commits] 20190327 svn commit: r1042603 - /websites/production/activemq/content/security-advisories.data/CVE-2019-0222-announcement.txt",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/d1e334bd71d6e68462c62c726fe6db565c7a6283302f9c1feed087fa@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-dev] 20190327 CVE-2019-0222 - Apache ActiveMQ: Corrupt MQTT frame can cause broker shutdown",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/71640324661c1b6d0b6708bd4fb20170e1b979370a4b8cddc4f8d485@%3Cdev.activemq.apache.org%3E"
            },
            {
              "name": "[oss-security] 20190327 [ANNOUNCE] CVE-2019-0222 - Apache ActiveMQ: Corrupt MQTT frame can cause broker shutdown",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2019/03/27/2"
            },
            {
              "name": "[activemq-dev] 20190327 Re: Website",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/fcbe6ad00f1de142148c20d813fae3765dc4274955e3e2f3ca19ff7b@%3Cdev.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-commits] 20190327 svn commit: r1042639 - in /websites/production/activemq/content/activemq-website: ./ projects/artemis/download/ projects/classic/download/ projects/cms/download/ security-advisories.data/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a859563f05fbe7c31916b3178c2697165bd9bbf5a65d1cf62aef27d2@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-dev] 20190328 Re: Website",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/03f91b1fb85686a848cee6b90112cf6059bd1b21b23bacaa11a962e1@%3Cdev.activemq.apache.org%3E"
            },
            {
              "name": "107622",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107622"
            },
            {
              "name": "[activemq-commits] 20200514 [activemq-website] branch master updated: Publish CVE-2020-1941 security advisory",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb698ed085f79e56146ca24ab359c9ef95846618675ea1ef402e04a6d@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt",
              "refsource": "CONFIRM",
              "url": "http://activemq.apache.org/security-advisories.data/CVE-2019-0222-announcement.txt"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190502-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190502-0006/"
            },
            {
              "name": "[activemq-commits] 20200910 [activemq-website] branch master updated: Publish CVE-2020-11998",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2582-1] mqtt-client security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00004.html"
            },
            {
              "name": "[debian-lts-announce] 20210305 [SECURITY] [DLA 2583-1] activemq security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00005.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2019-0222",
    "datePublished": "2019-03-28T21:16:12",
    "dateReserved": "2018-11-14T00:00:00",
    "dateUpdated": "2024-08-04T17:44:15.392Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10878
Vulnerability from cvelistv5
Published
2020-06-05 13:27
Modified
2024-08-04 11:14
Severity ?
Summary
Perl before 5.30.3 has an integer overflow related to mishandling of a "PL_regkind[OP(n)] == NOTHING" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection.
References
https://security.gentoo.org/glsa/202006-03vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3x_refsource_CONFIRM
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200611-0001/x_refsource_CONFIRM
https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8x_refsource_CONFIRM
https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3cx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:14:15.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-202006-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-03"
          },
          {
            "name": "FEDORA-2020-fd73c08076",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
          },
          {
            "name": "openSUSE-SU-2020:0850",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:20:52",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-202006-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-03"
        },
        {
          "name": "FEDORA-2020-fd73c08076",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
        },
        {
          "name": "openSUSE-SU-2020:0850",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10878",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Perl before 5.30.3 has an integer overflow related to mishandling of a \"PL_regkind[OP(n)] == NOTHING\" situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-202006-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-03"
            },
            {
              "name": "FEDORA-2020-fd73c08076",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
            },
            {
              "name": "openSUSE-SU-2020:0850",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3",
              "refsource": "CONFIRM",
              "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
            },
            {
              "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod",
              "refsource": "CONFIRM",
              "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200611-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
            },
            {
              "name": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8",
              "refsource": "CONFIRM",
              "url": "https://github.com/perl/perl5/commit/0a320d753fe7fca03df259a4dfd8e641e51edaa8"
            },
            {
              "name": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c",
              "refsource": "CONFIRM",
              "url": "https://github.com/perl/perl5/commit/3295b48defa0f8570114877b063fe546dd348b3c"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10878",
    "datePublished": "2020-06-05T13:27:22",
    "dateReserved": "2020-03-23T00:00:00",
    "dateUpdated": "2024-08-04T11:14:15.674Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14439
Vulnerability from cvelistv5
Published
2019-07-30 10:49
Modified
2024-08-05 00:19
Severity ?
Summary
A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath.
References
https://lists.debian.org/debian-lts-announce/2019/08/msg00011.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/vendor-advisory, x_refsource_FEDORA
https://www.debian.org/security/2019/dsa-4542vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2019/Oct/6mailing-list, x_refsource_BUGTRAQ
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3200vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190814-0001/x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2389x_refsource_MISC
https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125bx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:41.289Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
          },
          {
            "name": "FEDORA-2019-ae6a703b8f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
          },
          {
            "name": "FEDORA-2019-fb23eccc03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
          },
          {
            "name": "DSA-4542",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4542"
          },
          {
            "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Oct/6"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2389"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-15T02:23:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592%40%3Ccommits.cassandra.apache.org%3E"
        },
        {
          "name": "FEDORA-2019-ae6a703b8f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
        },
        {
          "name": "FEDORA-2019-fb23eccc03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
        },
        {
          "name": "DSA-4542",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4542"
        },
        {
          "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Oct/6"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b%40%3Ccommits.nifi.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2389"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14439",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A Polymorphic Typing issue was discovered in FasterXML jackson-databind 2.x before 2.9.9.2. This occurs when Default Typing is enabled (either globally or for a specific property) for an externally exposed JSON endpoint and the service has the logback jar in the classpath."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[cassandra-commits] 20190919 [jira] [Created] (CASSANDRA-15328) Bump jackson version to \u003e= 2.9.9.3 to address security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3f99ae8dcdbd69438cb733d745ee3ad5e852068490719a66509b4592@%3Ccommits.cassandra.apache.org%3E"
            },
            {
              "name": "FEDORA-2019-ae6a703b8f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
            },
            {
              "name": "FEDORA-2019-fb23eccc03",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
            },
            {
              "name": "DSA-4542",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4542"
            },
            {
              "name": "20191007 [SECURITY] [DSA 4542-1] jackson-databind security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Oct/6"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "[nifi-commits] 20191113 svn commit: r1869773 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bcce5a9c532b386c68dab2f6b3ce8b0cc9b950ec551766e76391caa3@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "[nifi-commits] 20200123 svn commit: r1873083 - /nifi/site/trunk/security.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rca37935d661f4689cb4119f1b3b224413b22be161b678e6e6ce0c69b@%3Ccommits.nifi.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190814-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2389",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2389"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/commit/ad418eeb974e357f2797aef64aa0e3ffaaa6125b"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14439",
    "datePublished": "2019-07-30T10:49:43",
    "dateReserved": "2019-07-30T00:00:00",
    "dateUpdated": "2024-08-05T00:19:41.289Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14788
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:22
Severity ?
6.1 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Summary
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N).
References
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:43.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14788",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:32.514790Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:22:57.185Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Communications Diameter Signaling Router (DSR)",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0.0-8.4.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR).  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as  unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-21T14:04:25",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14788",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Communications Diameter Signaling Router (DSR)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0.0-8.4.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 6.1 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "6.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR).  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as  unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14788",
    "datePublished": "2020-10-21T14:04:25",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:22:57.185Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-2904
Vulnerability from cvelistv5
Published
2019-10-16 17:40
Modified
2024-10-15 18:50
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.zerodayinitiative.com/advisories/ZDI-19-1024/x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Oracle Corporation Rapid Planning Version: 12.1.3
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T19:03:43.365Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-2904",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-15T17:36:30.925092Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-15T18:50:07.530Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Enterprise Repository",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "11.1.1.7.0"
            }
          ]
        },
        {
          "product": "Rapid Planning",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "12.1.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF.  Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-22T21:53:43",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2019-2904",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Enterprise Repository",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "11.1.1.7.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Rapid Planning",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "12.1.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle JDeveloper and ADF product of Oracle Fusion Middleware (component: ADF Faces). Supported versions that are affected are 11.1.1.9.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF. Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle JDeveloper and ADF.  Successful attacks of this vulnerability can result in takeover of Oracle JDeveloper and ADF."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-19-1024/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2019-2904",
    "datePublished": "2019-10-16T17:40:53",
    "dateReserved": "2018-12-14T00:00:00",
    "dateUpdated": "2024-10-15T18:50:07.530Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11112
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy).
References
https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlmailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200403-0002/x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2666x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-11112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:42.504958Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:17.235Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.621Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:49",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11112",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.proxy.provider.remoting.RmiProvider (aka apache/commons-proxy)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2666",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2666"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11112",
    "datePublished": "2020-03-31T04:37:41",
    "dateReserved": "2020-03-31T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.621Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-2555
Vulnerability from cvelistv5
Published
2020-01-15 16:34
Modified
2024-09-30 17:02
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.htmlx_refsource_MISC
http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.htmlx_refsource_MISC
http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Oracle Corporation Utilities Framework Version: 4.2.0.2.0
Version: 4.2.0.3.0
Version: 4.3.0.1.0-4.3.0.6.0
Version: 4.4.0.0.0
Version: 4.4.0.2.0
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:09:54.651Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-2555",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-30T17:02:30.680427Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2020-2555"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-30T17:02:55.994Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "WebCenter Portal",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "12.2.1.3.0"
            },
            {
              "status": "affected",
              "version": "12.2.1.4.0"
            }
          ]
        },
        {
          "product": "Utilities Framework",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "4.2.0.2.0"
            },
            {
              "status": "affected",
              "version": "4.2.0.3.0"
            },
            {
              "status": "affected",
              "version": "4.3.0.1.0-4.3.0.6.0"
            },
            {
              "status": "affected",
              "version": "4.4.0.0.0"
            },
            {
              "status": "affected",
              "version": "4.4.0.2.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence.  Successful attacks of this vulnerability can result in takeover of Oracle Coherence.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:43:04",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-2555",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "WebCenter Portal",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "12.2.1.3.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "12.2.1.4.0"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "Utilities Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "4.2.0.2.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.2.0.3.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.3.0.1.0-4.3.0.6.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.4.0.0.0"
                          },
                          {
                            "version_affected": "=",
                            "version_value": "4.4.0.2.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Coherence product of Oracle Fusion Middleware (component: Caching,CacheStore,Invocation). Supported versions that are affected are 3.7.1.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence. Successful attacks of this vulnerability can result in takeover of Oracle Coherence. CVSS 3.0 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "9.8",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via T3 to compromise Oracle Coherence.  Successful attacks of this vulnerability can result in takeover of Oracle Coherence."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157054/Oracle-Coherence-Fusion-Middleware-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157207/Oracle-WebLogic-Server-12.2.1.4.0-Remote-Code-Execution.html"
            },
            {
              "name": "http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157795/WebLogic-Server-Deserialization-Remote-Code-Execution.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-2555",
    "datePublished": "2020-01-15T16:34:00",
    "dateReserved": "2019-12-10T00:00:00",
    "dateUpdated": "2024-09-30T17:02:55.994Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11971
Vulnerability from cvelistv5
Published
2020-05-14 16:18
Modified
2024-08-04 11:48
Severity ?
Summary
Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.
References
http://www.openwall.com/lists/oss-security/2020/05/14/7mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4%40%3Ccommits.camel.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9%40%3Ccommits.camel.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a%40%3Ccommits.camel.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://camel.apache.org/security/CVE-2020-11971.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:56.399Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11971 released for Apache Camel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/05/14/7"
          },
          {
            "name": "[camel-commits] 20200522 [camel-website] 01/02: CVE-2020-11971 - Amend the fix version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200522 [camel-website] branch CVE-2020-11971-amend created (now 2a753f7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[camel-commits] 20200522 [camel-website] 02/02: CVE-2020-11971 - Amended fix version",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a%40%3Ccommits.camel.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20200601 [jira] [Created] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20200622 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20200622 [jira] [Assigned] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://camel.apache.org/security/CVE-2020-11971.html"
          },
          {
            "name": "[activemq-issues] 20201122 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20201122 [jira] [Updated] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 2.25.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[activemq-users] 20210830 Security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-users] 20210831 RE: Security issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Camel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Camel\u0027s JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Rebind Flaw",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:21:09",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11971 released for Apache Camel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/05/14/7"
        },
        {
          "name": "[camel-commits] 20200522 [camel-website] 01/02: CVE-2020-11971 - Amend the fix version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[camel-commits] 20200522 [camel-website] branch CVE-2020-11971-amend created (now 2a753f7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[camel-commits] 20200522 [camel-website] 02/02: CVE-2020-11971 - Amended fix version",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a%40%3Ccommits.camel.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20200601 [jira] [Created] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20200622 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20200622 [jira] [Assigned] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://camel.apache.org/security/CVE-2020-11971.html"
        },
        {
          "name": "[activemq-issues] 20201122 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20201122 [jira] [Updated] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 2.25.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[activemq-users] 20210830 Security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882%40%3Cusers.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-users] 20210831 RE: Security issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328%40%3Cusers.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-11971",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Camel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Camel\u0027s JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Rebind Flaw"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11971 released for Apache Camel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/05/14/7"
            },
            {
              "name": "[camel-commits] 20200522 [camel-website] 01/02: CVE-2020-11971 - Amend the fix version",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7968b5086e861da2cf635a7b215e465ce9912d5f16c683b8e56819c4@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200522 [camel-website] branch CVE-2020-11971-amend created (now 2a753f7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r16f4f9019840bc923e25d1b029fb42fe2676c4ba36e54824749a8da9@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[camel-commits] 20200522 [camel-website] 02/02: CVE-2020-11971 - Amended fix version",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3d0ae14ca224e69fb1c653f0a5d9e56370ee12d8896aa4490aeae14a@%3Ccommits.camel.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20200601 [jira] [Created] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r45da6abb42a9e6853ec8affdbf591f1db3e90c5288de9d3753124c79@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20200622 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb0033c4e9dade1fdf22493314062364ff477e9a8b417f687dc168468@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20200622 [jira] [Assigned] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8988311eb2481fd8a87e69cf17ffb8dc81bfeba5503021537f72db0a@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://camel.apache.org/security/CVE-2020-11971.html",
              "refsource": "MISC",
              "url": "https://camel.apache.org/security/CVE-2020-11971.html"
            },
            {
              "name": "[activemq-issues] 20201122 [jira] [Commented] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 3.2.0",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r938dc2ded68039ab747f6d7a12153862495d4b38107d3ed111994386@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20201122 [jira] [Updated] (AMQ-7492) CVE-2020-11971 needs AMQ to upgrade to Apache Camel 2.25.2",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc907a3d385a9c62416d686608e7241c864be8ef2ac16a3bdb0e33649@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[activemq-users] 20210830 Security issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9dc2505651788ac668299774d9e7af4dc616be2f56fdc684d1170882@%3Cusers.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-users] 20210831 RE: Security issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r52a5129df402352adc34d052bab9234c8ef63596306506a89fdc7328@%3Cusers.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-11971",
    "datePublished": "2020-05-14T16:18:41",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:56.399Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-1559
Vulnerability from cvelistv5
Published
2019-02-27 23:00
Modified
2024-09-17 04:20
Severity ?
Summary
If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable "non-stitched" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).
References
http://www.securityfocus.com/bid/107174vdb-entry, x_refsource_BID
https://security.gentoo.org/glsa/201903-10vendor-advisory, x_refsource_GENTOO
https://usn.ubuntu.com/3899-1/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2019/03/msg00003.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2019/dsa-4400vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.htmlvendor-advisory, x_refsource_SUSE
https://access.redhat.com/errata/RHSA-2019:2304vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2439vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2437vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2471vendor-advisory, x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/vendor-advisory, x_refsource_FEDORA
https://access.redhat.com/errata/RHSA-2019:3929vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3931vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://usn.ubuntu.com/4376-2/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20190301-0001/x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190301-0002/x_refsource_CONFIRM
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8ex_refsource_CONFIRM
https://www.openssl.org/news/secadv/20190226.txtx_refsource_CONFIRM
https://support.f5.com/csp/article/K18549143x_refsource_CONFIRM
https://www.tenable.com/security/tns-2019-02x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20190423-0002/x_refsource_CONFIRM
https://www.tenable.com/security/tns-2019-03x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10282x_refsource_CONFIRM
https://support.f5.com/csp/article/K18549143?utm_source=f5support&amp%3Butm_medium=RSSx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:20:27.982Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107174",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107174"
          },
          {
            "name": "GLSA-201903-10",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201903-10"
          },
          {
            "name": "USN-3899-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3899-1/"
          },
          {
            "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
          },
          {
            "name": "DSA-4400",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2019/dsa-4400"
          },
          {
            "name": "openSUSE-SU-2019:1076",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
          },
          {
            "name": "openSUSE-SU-2019:1105",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
          },
          {
            "name": "openSUSE-SU-2019:1173",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
          },
          {
            "name": "openSUSE-SU-2019:1175",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
          },
          {
            "name": "openSUSE-SU-2019:1432",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
          },
          {
            "name": "openSUSE-SU-2019:1637",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
          },
          {
            "name": "RHSA-2019:2304",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2304"
          },
          {
            "name": "RHSA-2019:2439",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2439"
          },
          {
            "name": "RHSA-2019:2437",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2437"
          },
          {
            "name": "RHSA-2019:2471",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2471"
          },
          {
            "name": "FEDORA-2019-db06efdea1",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
          },
          {
            "name": "FEDORA-2019-00c25b9379",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
          },
          {
            "name": "FEDORA-2019-9a0a7c0986",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
          },
          {
            "name": "RHSA-2019:3929",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3929"
          },
          {
            "name": "RHSA-2019:3931",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3931"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "USN-4376-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4376-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.openssl.org/news/secadv/20190226.txt"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K18549143"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2019-03"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "OpenSSL",
          "vendor": "OpenSSL",
          "versions": [
            {
              "status": "affected",
              "version": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
        }
      ],
      "datePublic": "2019-02-26T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "lang": "eng",
              "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
              "value": "Moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Padding Oracle",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:01",
        "orgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
        "shortName": "openssl"
      },
      "references": [
        {
          "name": "107174",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107174"
        },
        {
          "name": "GLSA-201903-10",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201903-10"
        },
        {
          "name": "USN-3899-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3899-1/"
        },
        {
          "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
        },
        {
          "name": "DSA-4400",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2019/dsa-4400"
        },
        {
          "name": "openSUSE-SU-2019:1076",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
        },
        {
          "name": "openSUSE-SU-2019:1105",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
        },
        {
          "name": "openSUSE-SU-2019:1173",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
        },
        {
          "name": "openSUSE-SU-2019:1175",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
        },
        {
          "name": "openSUSE-SU-2019:1432",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
        },
        {
          "name": "openSUSE-SU-2019:1637",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
        },
        {
          "name": "RHSA-2019:2304",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2304"
        },
        {
          "name": "RHSA-2019:2439",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2439"
        },
        {
          "name": "RHSA-2019:2437",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2437"
        },
        {
          "name": "RHSA-2019:2471",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2471"
        },
        {
          "name": "FEDORA-2019-db06efdea1",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
        },
        {
          "name": "FEDORA-2019-00c25b9379",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
        },
        {
          "name": "FEDORA-2019-9a0a7c0986",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
        },
        {
          "name": "RHSA-2019:3929",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3929"
        },
        {
          "name": "RHSA-2019:3931",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3931"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "name": "USN-4376-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4376-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.openssl.org/news/secadv/20190226.txt"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K18549143"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2019-03"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp%3Butm_medium=RSS"
        }
      ],
      "title": "0-byte record padding oracle",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "openssl-security@openssl.org",
          "DATE_PUBLIC": "2019-02-26",
          "ID": "CVE-2019-1559",
          "STATE": "PUBLIC",
          "TITLE": "0-byte record padding oracle"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "OpenSSL",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "OpenSSL"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Juraj Somorovsky, Robert Merget and Nimrod Aviram, with additional investigation by Steven Collison and Andrew Hourselt"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q)."
            }
          ]
        },
        "impact": [
          {
            "lang": "eng",
            "url": "https://www.openssl.org/policies/secpolicy.html#Moderate",
            "value": "Moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Padding Oracle"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107174",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107174"
            },
            {
              "name": "GLSA-201903-10",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201903-10"
            },
            {
              "name": "USN-3899-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3899-1/"
            },
            {
              "name": "[debian-lts-announce] 20190301 [SECURITY] [DLA 1701-1] openssl security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html"
            },
            {
              "name": "DSA-4400",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2019/dsa-4400"
            },
            {
              "name": "openSUSE-SU-2019:1076",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2019:1105",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html"
            },
            {
              "name": "openSUSE-SU-2019:1173",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html"
            },
            {
              "name": "openSUSE-SU-2019:1175",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html"
            },
            {
              "name": "openSUSE-SU-2019:1432",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html"
            },
            {
              "name": "openSUSE-SU-2019:1637",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html"
            },
            {
              "name": "RHSA-2019:2304",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2304"
            },
            {
              "name": "RHSA-2019:2439",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2439"
            },
            {
              "name": "RHSA-2019:2437",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2437"
            },
            {
              "name": "RHSA-2019:2471",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2471"
            },
            {
              "name": "FEDORA-2019-db06efdea1",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/"
            },
            {
              "name": "FEDORA-2019-00c25b9379",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/"
            },
            {
              "name": "FEDORA-2019-9a0a7c0986",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/"
            },
            {
              "name": "RHSA-2019:3929",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3929"
            },
            {
              "name": "RHSA-2019:3931",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3931"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "USN-4376-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4376-2/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190301-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190301-0001/"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190301-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190301-0002/"
            },
            {
              "name": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
              "refsource": "CONFIRM",
              "url": "https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e"
            },
            {
              "name": "https://www.openssl.org/news/secadv/20190226.txt",
              "refsource": "CONFIRM",
              "url": "https://www.openssl.org/news/secadv/20190226.txt"
            },
            {
              "name": "https://support.f5.com/csp/article/K18549143",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K18549143"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-02",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-02"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190423-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190423-0002/"
            },
            {
              "name": "https://www.tenable.com/security/tns-2019-03",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2019-03"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282"
            },
            {
              "name": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "3a12439a-ef3a-4c79-92e6-6081a721f1e5",
    "assignerShortName": "openssl",
    "cveId": "CVE-2019-1559",
    "datePublished": "2019-02-27T23:00:00Z",
    "dateReserved": "2018-11-28T00:00:00",
    "dateUpdated": "2024-09-17T04:20:35.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1941
Vulnerability from cvelistv5
Published
2020-05-14 16:29
Modified
2024-08-04 06:54
Severity ?
Summary
In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue.
References
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txtx_refsource_MISC
https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.336Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt"
          },
          {
            "name": "[activemq-commits] 20200910 [activemq-website] branch master updated: Publish CVE-2020-11998",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache ActiveMQ",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache ActiveMQ 5.0.0 to 5.15.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "XSS",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:54:27",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt"
        },
        {
          "name": "[activemq-commits] 20200910 [activemq-website] branch master updated: Publish CVE-2020-11998",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1941",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache ActiveMQ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache ActiveMQ 5.0.0 to 5.15.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Apache ActiveMQ 5.0.0 to 5.15.11, the webconsole admin GUI is open to XSS, in the view that lists the contents of a queue."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "XSS"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt",
              "refsource": "MISC",
              "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-1941-announcement.txt"
            },
            {
              "name": "[activemq-commits] 20200910 [activemq-website] branch master updated: Publish CVE-2020-11998",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re4672802b0e5ed67c08c9e77057d52138e062f77cc09581b723cf95a@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-1941",
    "datePublished": "2020-05-14T16:29:26",
    "dateReserved": "2019-12-02T00:00:00",
    "dateUpdated": "2024-08-04T06:54:00.336Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-30640
Vulnerability from cvelistv5
Published
2021-07-12 14:55
Modified
2024-08-03 22:40
Severity ?
Summary
A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65.
References
https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3Ex_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/08/msg00009.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2021/dsa-4952vendor-advisory, x_refsource_DEBIAN
https://www.debian.org/security/2021/dsa-4986vendor-advisory, x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20210827-0007/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://security.gentoo.org/glsa/202208-34vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:40:31.832Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "[debian-lts-announce] 20210805 [SECURITY] [DLA 2733-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
          },
          {
            "name": "DSA-4952",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4952"
          },
          {
            "name": "DSA-4986",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4986"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "name": "GLSA-202208-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 10 10.0.0-M1 to 10.0.5"
            },
            {
              "status": "affected",
              "version": "Apache Tomcat 9 9.0.0.M1 to 9.0.45"
            },
            {
              "status": "affected",
              "version": "Apache Tomcat 8.5 8.5.0 to 8.5.65"
            },
            {
              "status": "affected",
              "version": "Apache Tomcat 7 7.0.0 to 7.0.108"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authentication weaknees",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-21T04:07:59",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "name": "[debian-lts-announce] 20210805 [SECURITY] [DLA 2733-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
        },
        {
          "name": "DSA-4952",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4952"
        },
        {
          "name": "DSA-4986",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4986"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "name": "GLSA-202208-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-34"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Auth weakness in JNDIRealm",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-30640",
          "STATE": "PUBLIC",
          "TITLE": "Auth weakness in JNDIRealm"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 10",
                            "version_value": "10.0.0-M1 to 10.0.5"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 9",
                            "version_value": "9.0.0.M1 to 9.0.45"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 8.5",
                            "version_value": "8.5.0 to 8.5.65"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 7",
                            "version_value": "7.0.0 to 7.0.108"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A vulnerability in the JNDI Realm of Apache Tomcat allows an attacker to authenticate using variations of a valid user name and/or to bypass some of the protection provided by the LockOut Realm. This issue affects Apache Tomcat 10.0.0-M1 to 10.0.5; 9.0.0.M1 to 9.0.45; 8.5.0 to 8.5.65."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {}
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authentication weaknees"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r59f9ef03929d32120f91f4ea7e6e79edd5688d75d0a9b65fd26d1fe8%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "[debian-lts-announce] 20210805 [SECURITY] [DLA 2733-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
            },
            {
              "name": "DSA-4952",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4952"
            },
            {
              "name": "DSA-4986",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4986"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210827-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "GLSA-202208-34",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-34"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-30640",
    "datePublished": "2021-07-12T14:55:13",
    "dateReserved": "2021-04-13T00:00:00",
    "dateUpdated": "2024-08-03T22:40:31.832Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-37137
Vulnerability from cvelistv5
Published
2021-10-19 00:00
Modified
2024-08-04 01:16
Severity ?
Summary
The Snappy frame decoder function doesn't restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk.
References
https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363
https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3Emailing-list
https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3Emailing-list
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://security.netapp.com/advisory/ntap-20220210-0012/
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2023/01/msg00008.htmlmailing-list
https://www.debian.org/security/2023/dsa-5316vendor-advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:16:02.953Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363"
          },
          {
            "name": "[tinkerpop-dev] 20211025 [jira] [Created] (TINKERPOP-2632) Netty 4.1.61 flagged with two high severity security violations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211025 [GitHub] [druid] a2l007 commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211026 [GitHub] [druid] clintropolis merged pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211026 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
          },
          {
            "name": "DSA-5316",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Netty",
          "vendor": "The Netty project",
          "versions": [
            {
              "lessThan": "4.1.68Final",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Snappy frame decoder function doesn\u0027t restrict the chunk length which may lead to excessive memory usage. Beside this it also may buffer reserved skippable chunks until the whole chunk was received which may lead to excessive memory usage as well. This vulnerability can be triggered by supplying malicious input that decompresses to a very big size (via a network stream or a file) or by sending a huge skippable chunk."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-12T00:00:00",
        "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "shortName": "JFROG"
      },
      "references": [
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-9vjp-v76f-g363"
        },
        {
          "name": "[tinkerpop-dev] 20211025 [jira] [Created] (TINKERPOP-2632) Netty 4.1.61 flagged with two high severity security violations",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211025 [GitHub] [druid] a2l007 commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211026 [GitHub] [druid] clintropolis merged pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211026 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
        },
        {
          "name": "DSA-5316",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5316"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
    "assignerShortName": "JFROG",
    "cveId": "CVE-2021-37137",
    "datePublished": "2021-10-19T00:00:00",
    "dateReserved": "2021-07-20T00:00:00",
    "dateUpdated": "2024-08-04T01:16:02.953Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-13920
Vulnerability from cvelistv5
Published
2020-09-10 00:00
Modified
2024-08-04 12:32
Severity ?
Summary
Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the "jmxrmi" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12.
References
http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt
https://lists.debian.org/debian-lts-announce/2020/10/msg00013.htmlmailing-list
https://www.oracle.com/security-alerts/cpuoct2020.html
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3Emailing-list
https://lists.debian.org/debian-lts-announce/2023/11/msg00013.htmlmailing-list
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.288Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt"
          },
          {
            "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2400-1] activemq security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20231120 [SECURITY] [DLA 3657-1] activemq security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache ActiveMQ",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache ActiveMQ version prior to 5.15.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache ActiveMQ uses LocateRegistry.createRegistry() to create the JMX RMI registry and binds the server to the \"jmxrmi\" entry. It is possible to connect to the registry without authentication and call the rebind method to rebind jmxrmi to something else. If an attacker creates another server to proxy the original, and bound that, he effectively becomes a man in the middle and is able to intercept the credentials when an user connects. Upgrade to Apache ActiveMQ 5.15.12."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Man In The Middle attack vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-11-20T22:06:16.750174",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-13920-announcement.txt"
        },
        {
          "name": "[debian-lts-announce] 20201007 [SECURITY] [DLA 2400-1] activemq security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/10/msg00013.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20231120 [SECURITY] [DLA 3657-1] activemq security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/11/msg00013.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-13920",
    "datePublished": "2020-09-10T00:00:00",
    "dateReserved": "2020-06-08T00:00:00",
    "dateUpdated": "2024-08-04T12:32:14.288Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11998
Vulnerability from cvelistv5
Published
2020-09-10 18:10
Modified
2024-08-04 11:48
Severity ?
Summary
A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html "A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code." Mitigation: Upgrade to Apache ActiveMQ 5.15.13
References
http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txtx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.796Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache ActiveMQ",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 5.15.12"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html \"A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code.\" Mitigation: Upgrade to Apache ActiveMQ 5.15.13"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Arbitrary code execution via JMX",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:56",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7%40%3Ccommits.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-11998",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache ActiveMQ",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 5.15.12"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A regression has been introduced in the commit preventing JMX re-bind. By passing an empty environment map to RMIConnectorServer, instead of the map that contains the authentication credentials, it leaves ActiveMQ open to the following attack: https://docs.oracle.com/javase/8/docs/technotes/guides/management/agent.html \"A remote client could create a javax.management.loading.MLet MBean and use it to create new MBeans from arbitrary URLs, at least if there is no security manager. In other words, a rogue remote client could make your Java application execute arbitrary code.\" Mitigation: Upgrade to Apache ActiveMQ 5.15.13"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Arbitrary code execution via JMX"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt",
              "refsource": "MISC",
              "url": "http://activemq.apache.org/security-advisories.data/CVE-2020-11998-announcement.txt"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[activemq-commits] 20210127 [activemq-website] branch master updated: Publish CVE-2021-26117",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb2fd3bf2dce042e0ab3f3c94c4767c96bb2e7e6737624d63162df36d@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-commits] 20210208 [activemq-website] branch master updated: Publish CVE-2020-13947",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r946488fb942fd35c6a6e0359f52504a558ed438574a8f14d36d7dcd7@%3Ccommits.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-11998",
    "datePublished": "2020-09-10T18:10:22",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.796Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-9546
Vulnerability from cvelistv5
Published
2020-03-02 03:59
Modified
2024-08-04 10:34
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config).
References
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2631x_refsource_MISC
https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3Ex_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200904-0006/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.829Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:40:28",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18%40%3Cnotifications.zookeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9546",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.hadoop.shaded.com.zaxxer.hikari.HikariConfig (aka shaded hikari-config)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2631",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2631"
            },
            {
              "name": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r893a0104e50c1c2559eb9a5812add28ae8c3e5f43712947a9847ec18@%3Cnotifications.zookeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9546",
    "datePublished": "2020-03-02T03:59:18",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.829Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11111
Vulnerability from cvelistv5
Published
2020-03-31 04:37
Modified
2024-08-04 11:21
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms).
References
https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlmailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200403-0002/x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2664x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-11111",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:44.621248Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T17:12:18.053Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.611Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2664"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:48",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2664"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11111",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.activemq.* (aka activemq-jms, activemq-core, activemq-pool, and activemq-pool-jms)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2664",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2664"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11111",
    "datePublished": "2020-03-31T04:37:49",
    "dateReserved": "2020-03-31T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.611Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1272
Vulnerability from cvelistv5
Published
2018-04-06 13:00
Modified
2024-09-17 02:15
Severity ?
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles.
References
http://www.securityfocus.com/bid/103697vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:2669vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1320vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://pivotal.io/security/cve-2018-1272x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:49.063Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103697",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103697"
          },
          {
            "name": "RHSA-2018:2669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2669"
          },
          {
            "name": "RHSA-2018:1320",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1320"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1272"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Spring by Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 5.0.5 and 4.3.15"
            }
          ]
        }
      ],
      "datePublic": "2018-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "CAPEC-233 - Privilege Escalation",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:04",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "103697",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103697"
        },
        {
          "name": "RHSA-2018:2669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2669"
        },
        {
          "name": "RHSA-2018:1320",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1320"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1272"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-04-05T00:00:00",
          "ID": "CVE-2018-1272",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to 5.0.5 and 4.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring by Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, provide client-side support for multipart requests. When Spring MVC or Spring WebFlux server application (server A) receives input from a remote client, and then uses that input to make a multipart request to another server (server B), it can be exposed to an attack, where an extra multipart is inserted in the content of the request from server A, causing server B to use the wrong value for a part it expects. This could to lead privilege escalation, for example, if the part content represents a username or user roles."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CAPEC-233 - Privilege Escalation"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103697",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103697"
            },
            {
              "name": "RHSA-2018:2669",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2669"
            },
            {
              "name": "RHSA-2018:1320",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1320"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1272",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1272"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1272",
    "datePublished": "2018-04-06T13:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-17T02:15:49.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1271
Vulnerability from cvelistv5
Published
2018-04-06 13:00
Modified
2024-09-16 23:16
Severity ?
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack.
References
http://www.securityfocus.com/bid/103699vdb-entry, x_refsource_BID
https://access.redhat.com/errata/RHSA-2018:2669vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:2939vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1320vendor-advisory, x_refsource_REDHAT
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://pivotal.io/security/cve-2018-1271x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:49.212Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "103699",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103699"
          },
          {
            "name": "RHSA-2018:2669",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2669"
          },
          {
            "name": "RHSA-2018:2939",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2939"
          },
          {
            "name": "RHSA-2018:1320",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1320"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1271"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Spring by Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 5.0.5 and 4.3.15"
            }
          ]
        }
      ],
      "datePublic": "2018-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-22",
              "description": "CWE-22 - Path Traversal",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:03",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "103699",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103699"
        },
        {
          "name": "RHSA-2018:2669",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2669"
        },
        {
          "name": "RHSA-2018:2939",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2939"
        },
        {
          "name": "RHSA-2018:1320",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1320"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1271"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-04-05T00:00:00",
          "ID": "CVE-2018-1271",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to 5.0.5 and 4.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring by Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to configure Spring MVC to serve static resources (e.g. CSS, JS, images). When static resources are served from a file system on Windows (as opposed to the classpath, or the ServletContext), a malicious user can send a request using a specially crafted URL that can lead a directory traversal attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-22 - Path Traversal"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "103699",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103699"
            },
            {
              "name": "RHSA-2018:2669",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2669"
            },
            {
              "name": "RHSA-2018:2939",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2939"
            },
            {
              "name": "RHSA-2018:1320",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1320"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1271",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1271"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1271",
    "datePublished": "2018-04-06T13:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-16T23:16:43.841Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14062
Vulnerability from cvelistv5
Published
2020-06-14 19:42
Modified
2024-08-04 12:32
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2).
References
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2704x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200702-0003/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.668Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2704"
          },
          {
            "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:11",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2704"
        },
        {
          "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14062",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to com.sun.org.apache.xalan.internal.lib.sql.JNDIConnectionPool (aka xalan2)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2704",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2704"
            },
            {
              "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200702-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14062",
    "datePublished": "2020-06-14T19:42:22",
    "dateReserved": "2020-06-14T00:00:00",
    "dateUpdated": "2024-08-04T12:32:14.668Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2016-0762
Vulnerability from cvelistv5
Published
2017-08-10 16:00
Modified
2024-09-17 01:36
Severity ?
Summary
The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
References
http://www.securitytracker.com/id/1037144vdb-entry, x_refsource_SECTRACK
https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2017:2247vendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2017-0457.htmlvendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2017:0455vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/93939vdb-entry, x_refsource_BID
http://www.debian.org/security/2016/dsa-3720vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2017:0456vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4557-1/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20180605-0001/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T22:30:04.029Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1037144",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1037144"
          },
          {
            "name": "[announce] 20161027 [SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "RHSA-2017:2247",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:2247"
          },
          {
            "name": "RHSA-2017:0457",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
          },
          {
            "name": "RHSA-2017:0455",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0455"
          },
          {
            "name": "93939",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/93939"
          },
          {
            "name": "DSA-3720",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2016/dsa-3720"
          },
          {
            "name": "RHSA-2017:0456",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2017:0456"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "USN-4557-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4557-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "9.0.0.M1 to 9.0.0.M9"
            },
            {
              "status": "affected",
              "version": "8.5.0 to 8.5.4"
            },
            {
              "status": "affected",
              "version": "8.0.0.RC1 to 8.0.36"
            },
            {
              "status": "affected",
              "version": "7.0.0 to 7.0.70"
            },
            {
              "status": "affected",
              "version": "6.0.0 to 6.0.45"
            }
          ]
        }
      ],
      "datePublic": "2016-10-27T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Timing Attack",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:37:46",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "1037144",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1037144"
        },
        {
          "name": "[announce] 20161027 [SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "RHSA-2017:2247",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:2247"
        },
        {
          "name": "RHSA-2017:0457",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
        },
        {
          "name": "RHSA-2017:0455",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0455"
        },
        {
          "name": "93939",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/93939"
        },
        {
          "name": "DSA-3720",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2016/dsa-3720"
        },
        {
          "name": "RHSA-2017:0456",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2017:0456"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "USN-4557-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4557-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "DATE_PUBLIC": "2016-10-27T00:00:00",
          "ID": "CVE-2016-0762",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "9.0.0.M1 to 9.0.0.M9"
                          },
                          {
                            "version_value": "8.5.0 to 8.5.4"
                          },
                          {
                            "version_value": "8.0.0.RC1 to 8.0.36"
                          },
                          {
                            "version_value": "7.0.0 to 7.0.70"
                          },
                          {
                            "version_value": "6.0.0 to 6.0.45"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Timing Attack"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1037144",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1037144"
            },
            {
              "name": "[announce] 20161027 [SECURITY] CVE-2016-0762 Apache Tomcat Realm Timing Attack",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "RHSA-2017:2247",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:2247"
            },
            {
              "name": "RHSA-2017:0457",
              "refsource": "REDHAT",
              "url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
            },
            {
              "name": "RHSA-2017:0455",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0455"
            },
            {
              "name": "93939",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/93939"
            },
            {
              "name": "DSA-3720",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2016/dsa-3720"
            },
            {
              "name": "RHSA-2017:0456",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2017:0456"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [25/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190319 svn commit: r1855831 [23/30] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [22/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [24/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190325 svn commit: r1856174 [21/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [16/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190413 svn commit: r1857494 [15/20] - in /tomcat/site/trunk: ./ docs/ xdocs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [17/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20190415 svn commit: r1857582 [16/22] - in /tomcat/site/trunk: docs/ xdocs/stylesheets/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200203 svn commit: r1873527 [23/30] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [27/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20200213 svn commit: r1873980 [26/34] - /tomcat/site/trunk/docs/",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "USN-4557-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4557-1/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180605-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180605-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2016-0762",
    "datePublished": "2017-08-10T16:00:00Z",
    "dateReserved": "2015-12-16T00:00:00",
    "dateUpdated": "2024-09-17T01:36:51.388Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10673
Vulnerability from cvelistv5
Published
2020-03-18 21:17
Modified
2024-08-04 11:06
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus).
References
https://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlmailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200403-0002/x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2660x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-10673",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:47.873963Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:56:37.760Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:10.672Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:39",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10673",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to com.caucho.config.types.ResourceRef (aka caucho-quercus)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2660",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2660"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10673",
    "datePublished": "2020-03-18T21:17:26",
    "dateReserved": "2020-03-18T00:00:00",
    "dateUpdated": "2024-08-04T11:06:10.672Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11994
Vulnerability from cvelistv5
Published
2020-07-08 15:13
Modified
2024-08-04 11:48
Severity ?
Summary
Server-Side Template Injection and arbitrary file disclosure on Camel templating components
References
https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3Ex_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.522Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Camel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Camel 2.25.0 to 2.25.1, Camel 3.0.0 to 3.3.0. The unsupported Camel 2.x (2.24 and earlier) versions may be also affected."
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Server-Side Template Injection and arbitrary file disclosure on Camel templating components"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server-Side Template Injection and arbitrary file disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:55",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-11994",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Camel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Camel 2.25.0 to 2.25.1, Camel 3.0.0 to 3.3.0. The unsupported Camel 2.x (2.24 and earlier) versions may be also affected."
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Server-Side Template Injection and arbitrary file disclosure on Camel templating components"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Server-Side Template Injection and arbitrary file disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/d0e00f2e147a9e9b13a6829133092f349b2882bf6860397368a52600@%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-11994",
    "datePublished": "2020-07-08T15:13:02",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.522Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-9484
Vulnerability from cvelistv5
Published
2020-05-20 18:26
Modified
2024-08-04 10:26
Severity ?
Summary
When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter="null" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed.
References
https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/05/msg00020.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.htmlvendor-advisory, x_refsource_SUSE
https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/05/msg00026.htmlmailing-list, x_refsource_MLIST
http://seclists.org/fulldisclosure/2020/Jun/6mailing-list, x_refsource_FULLDISC
https://security.gentoo.org/glsa/202006-21vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2020/07/msg00010.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3Ex_refsource_MISC
https://security.netapp.com/advisory/ntap-20200528-0005/x_refsource_CONFIRM
http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.htmlx_refsource_MISC
https://www.debian.org/security/2020/dsa-4727vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/4448-1/vendor-advisory, x_refsource_UBUNTU
https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://kc.mcafee.com/corporate/index?page=content&id=SB10332x_refsource_CONFIRM
https://usn.ubuntu.com/4596-1/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2021/03/01/2mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:26:16.293Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
          },
          {
            "name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2020:0711",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
          },
          {
            "name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
          },
          {
            "name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2020/Jun/6"
          },
          {
            "name": "GLSA-202006-21",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-21"
          },
          {
            "name": "FEDORA-2020-ce396e7d5c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
          },
          {
            "name": "FEDORA-2020-d9169235a8",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
          },
          {
            "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
          },
          {
            "name": "DSA-4727",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4727"
          },
          {
            "name": "USN-4448-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4448-1/"
          },
          {
            "name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
          },
          {
            "name": "USN-4596-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4596-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
          },
          {
            "name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
          },
          {
            "name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Remote Code Execution",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:24:10",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
        },
        {
          "name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2020:0711",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
        },
        {
          "name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
        },
        {
          "name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2020/Jun/6"
        },
        {
          "name": "GLSA-202006-21",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-21"
        },
        {
          "name": "FEDORA-2020-ce396e7d5c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
        },
        {
          "name": "FEDORA-2020-d9169235a8",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
        },
        {
          "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
        },
        {
          "name": "DSA-4727",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4727"
        },
        {
          "name": "USN-4448-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4448-1/"
        },
        {
          "name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
        },
        {
          "name": "USN-4596-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4596-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
        },
        {
          "name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77%40%3Cusers.tomcat.apache.org%3E"
        },
        {
          "name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c%40%3Cdev.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-9484",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Tomcat 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54, 7.0.0 to 7.0.103"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using Apache Tomcat versions 10.0.0-M1 to 10.0.0-M4, 9.0.0.M1 to 9.0.34, 8.5.0 to 8.5.54 and 7.0.0 to 7.0.103 if a) an attacker is able to control the contents and name of a file on the server; and b) the server is configured to use the PersistenceManager with a FileStore; and c) the PersistenceManager is configured with sessionAttributeValueClassNameFilter=\"null\" (the default unless a SecurityManager is used) or a sufficiently lax filter to allow the attacker provided object to be deserialized; and d) the attacker knows the relative file path from the storage location used by FileStore to the file the attacker has control over; then, using a specifically crafted request, the attacker will be able to trigger remote code execution via deserialization of the file under their control. Note that all of conditions a) to d) must be true for the attack to succeed."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Remote Code Execution"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[tomcat-users] 20200521 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf70f53af27e04869bdac18b1fc14a3ee529e59eb12292c8791a77926@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200523 [SECURITY] [DLA 2217-1] tomcat7 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00020.html"
            },
            {
              "name": "[tomcat-users] 20200524 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r26950738f4b4ca2d256597cf391d52d3450fa665c297ea5ca38f5469@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:0711",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00057.html"
            },
            {
              "name": "[tomcat-dev] 20200527 Re: [SECURITY] CVE-2020-9484 Apache Tomcat Remote Code Execution via session persistence",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r7bc247fffcb1d58415215c861d2354bd653c86266230d78a93c71ae2@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200528 [SECURITY] [DLA 2209-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00026.html"
            },
            {
              "name": "20200602 [CVE-2020-9484] Apache Tomcat RCE via PersistentManager",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2020/Jun/6"
            },
            {
              "name": "GLSA-202006-21",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-21"
            },
            {
              "name": "FEDORA-2020-ce396e7d5c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WJ7XHKWJWDNWXUJH6UB7CLIW4TWOZ26N/"
            },
            {
              "name": "FEDORA-2020-d9169235a8",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GIQHXENTLYUNOES4LXVNJ2NCUQQRF5VJ/"
            },
            {
              "name": "[tomcat-dev] 20200625 svn commit: r1879208 - in /tomcat/site/trunk: docs/security-10.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb1c0fb105ce2b93b7ec6fc1b77dd208022621a91c12d1f580813cfed@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20200712 [SECURITY] [DLA 2279-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00010.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r77eae567ed829da9012cadb29af17f2df8fa23bf66faf88229857bb1%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200528-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200528-0005/"
            },
            {
              "name": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/157924/Apache-Tomcat-CVE-2020-9484-Proof-Of-Concept.html"
            },
            {
              "name": "DSA-4727",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4727"
            },
            {
              "name": "USN-4448-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4448-1/"
            },
            {
              "name": "[tomee-commits] 20201013 [jira] [Created] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r123b3ebe389f46f9d337923f393cdae4d3e9b78d982d706712f0898c@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20201013 [jira] [Updated] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raa4123e472175bb052fbba165d37187cea923f755e8f3f30d124cb3f@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20201013 [jira] [Assigned] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc8473b08abdf3c16494ed817bec1717a0ee0c8080315bc27db5f21c3@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20201013 [jira] [Commented] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf59c72572b9fee674a5d5cc6afeca4ffc3918a02c354a81cc50b7119@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10332"
            },
            {
              "name": "USN-4596-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4596-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[tomcat-dev] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210301 svn commit: r1887027 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf6d5d57b114678d8898005faef31e9fd6d7c981fcc4ccfc3bc272fc9@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-announce] 20210301 [SECURITY] CVE-2021-25329 Apache Tomcat Incomplete fix for CVE-2020-9484 (RCE via session persistence)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfe62fbf9d4c314f166fe8c668e50e5d9dd882a99447f26f0367474bf@%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[oss-security] 20210301 CVE-2021-25329: Apache Tomcat Incomplete fix for CVE-2020-9484",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/03/01/2"
            },
            {
              "name": "[tomee-commits] 20210522 [jira] [Closed] (TOMEE-2909) Impact of security vulnerability(CVE-2020-9484) on TOMEE plus (7.0.7)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8dd19c514face6dd85fd4eab0271854883f40c7307926c1f7cd5400c@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[tomcat-users] 20210701 What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8a2ac0e476dbfc1e6440b09dcc782d444ad635d6da26f0284725a5dc@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210701 Re: What is \"h2c\"? What is CVE-2021-25329? Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb51ccd58b2152fc75125b2406fc93e04ca9d34e737263faa6ff0f41f@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-users] 20210702 Re: CVE-2021-25329, was Re: Most recent security-related update to 8.5",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r11ce01e8a4c7269b88f88212f21830edf73558997ac7744f37769b77@%3Cusers.tomcat.apache.org%3E"
            },
            {
              "name": "[tomcat-dev] 20210712 svn commit: r1891484 - in /tomcat/site/trunk: docs/security-10.html docs/security-7.html docs/security-8.html docs/security-9.html xdocs/security-10.xml xdocs/security-7.xml xdocs/security-8.xml xdocs/security-9.xml",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc1778b38e74b5b6142414d57623bd55b023a72361f422836782fca3c@%3Cdev.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-9484",
    "datePublished": "2020-05-20T18:26:41",
    "dateReserved": "2020-03-01T00:00:00",
    "dateUpdated": "2024-08-04T10:26:16.293Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-24616
Vulnerability from cvelistv5
Published
2020-08-25 17:04
Modified
2024-08-04 15:19
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP).
References
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2814x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200904-0006/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T15:19:08.951Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2814"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:21:59",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2814"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-24616",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.6 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPDataSource (aka Anteros-DBCP)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2814",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2814"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-24616",
    "datePublished": "2020-08-25T17:04:08",
    "dateReserved": "2020-08-25T00:00:00",
    "dateUpdated": "2024-08-04T15:19:08.951Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-36189
Vulnerability from cvelistv5
Published
2021-01-06 22:29
Modified
2024-08-04 17:23
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource.
References
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2996x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20210205-0005/x_refsource_CONFIRM
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:23:09.508Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:22:16",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36189",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to com.newrelic.agent.deps.ch.qos.logback.core.db.DriverManagerConnectionSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2996",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2996"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210205-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210205-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36189",
    "datePublished": "2021-01-06T22:29:28",
    "dateReserved": "2021-01-06T00:00:00",
    "dateUpdated": "2024-08-04T17:23:09.508Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-9548
Vulnerability from cvelistv5
Published
2020-03-02 03:58
Modified
2024-08-04 10:34
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core).
References
https://lists.debian.org/debian-lts-announce/2020/03/msg00008.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2634x_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200904-0006/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:34:39.821Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:40:31",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1%40%3Cdev.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097%40%3Cissues.zookeeper.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-9548",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to br.com.anteros.dbcp.AnterosDBCPConfig (aka anteros-core)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200305 [SECURITY] [DLA 2135-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00008.html"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb6fecb5e96a6d61e175ff49f33f2713798dd05cf03067c169d195596@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-dev] 20200307 [jira] [Created] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r9464a40d25c3ba1a55622db72f113eb494a889656962d098c70c5bb1@%3Cdev.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200307 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd49ab9565bec436a896bc00c4b9fc9dce1598e106c318524fbdfec6@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200308 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r35d30db00440ef63b791c4b7f7acb036e14d4a23afa2a249cb66c0fd@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Commented] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r98c9b6e4c9e17792e2cd1ec3e4aa20b61a791939046d3f10888176bb@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200319 [jira] [Updated] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd5a4457be4623038c3989294429bc063eec433a2e55995d81591e2ca@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "[zookeeper-issues] 20200430 [jira] [Resolved] (ZOOKEEPER-3750) update jackson-databind to address CVE-2020-9547, CVE-2020-9548, CVE-2020-9546",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdd4df698d5d8e635144d2994922bf0842e933809eae259521f3b5097@%3Cissues.zookeeper.apache.org%3E"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2634",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2634"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200904-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200904-0006/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-9548",
    "datePublished": "2020-03-02T03:58:55",
    "dateReserved": "2020-03-02T00:00:00",
    "dateUpdated": "2024-08-04T10:34:39.821Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10683
Vulnerability from cvelistv5
Published
2020-05-01 18:55
Modified
2024-08-04 11:06
Severity ?
Summary
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
References
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.htmlx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=1694235x_refsource_MISC
https://github.com/dom4j/dom4j/releases/tag/version-2.1.3x_refsource_CONFIRM
https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200518-0002/x_refsource_CONFIRM
https://usn.ubuntu.com/4575-1/vendor-advisory, x_refsource_UBUNTU
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://github.com/dom4j/dom4j/issues/87x_refsource_MISC
https://github.com/dom4j/dom4j/commits/version-2.0.3x_refsource_MISC
https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:11.156Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2020:0719",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
          },
          {
            "name": "USN-4575-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4575-1/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dom4j/dom4j/issues/87"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
          },
          {
            "name": "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
          },
          {
            "name": "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2020-04-12T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:13:36",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2020:0719",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
        },
        {
          "name": "USN-4575-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4575-1/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dom4j/dom4j/issues/87"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
        },
        {
          "name": "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
        },
        {
          "name": "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2020:0719",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html",
              "refsource": "MISC",
              "url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
            },
            {
              "name": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3",
              "refsource": "CONFIRM",
              "url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
            },
            {
              "name": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658",
              "refsource": "CONFIRM",
              "url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200518-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
            },
            {
              "name": "USN-4575-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4575-1/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://github.com/dom4j/dom4j/issues/87",
              "refsource": "MISC",
              "url": "https://github.com/dom4j/dom4j/issues/87"
            },
            {
              "name": "https://github.com/dom4j/dom4j/commits/version-2.0.3",
              "refsource": "MISC",
              "url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
            },
            {
              "name": "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3Cdev.velocity.apache.org%3E"
            },
            {
              "name": "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3Cdev.velocity.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10683",
    "datePublished": "2020-05-01T18:55:25",
    "dateReserved": "2020-03-20T00:00:00",
    "dateUpdated": "2024-08-04T11:06:11.156Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1270
Vulnerability from cvelistv5
Published
2018-04-06 13:00
Modified
2024-09-16 19:05
Severity ?
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack.
References
https://access.redhat.com/errata/RHSA-2018:2939vendor-advisory, x_refsource_REDHAT
https://www.exploit-db.com/exploits/44796/exploit, x_refsource_EXPLOIT-DB
http://www.securityfocus.com/bid/103696vdb-entry, x_refsource_BID
https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://pivotal.io/security/cve-2018-1270x_refsource_CONFIRM
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.998Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2018:2939",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2939"
          },
          {
            "name": "44796",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/44796/"
          },
          {
            "name": "103696",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103696"
          },
          {
            "name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1270"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Spring by Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 5.0.5 and 4.3.15"
            }
          ]
        }
      ],
      "datePublic": "2018-04-05T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 - Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:02",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "RHSA-2018:2939",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2939"
        },
        {
          "name": "44796",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/44796/"
        },
        {
          "name": "103696",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103696"
        },
        {
          "name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1270"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-04-05T00:00:00",
          "ID": "CVE-2018-1270",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to 5.0.5 and 4.3.15"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring by Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.15 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94 - Code Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2018:2939",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2939"
            },
            {
              "name": "44796",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/44796/"
            },
            {
              "name": "103696",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103696"
            },
            {
              "name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190826 [jira] [Created] (AMQ-7288) Security Vulnerabilities in ActiveMQ dependent libraries.",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6d3d34adcf3dfc48e36342aa1f18ce3c20bb8e4c458a97508d5bfed1@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1270",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1270"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1270",
    "datePublished": "2018-04-06T13:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-16T19:05:05.139Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-15756
Vulnerability from cvelistv5
Published
2018-10-18 22:00
Modified
2024-09-16 16:59
Severity ?
7.5 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable.
References
http://www.securityfocus.com/bid/105703vdb-entry, x_refsource_BID
https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://pivotal.io/security/cve-2018-15756x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/04/msg00022.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T10:01:54.549Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "105703",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/105703"
          },
          {
            "name": "[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-15756"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring framework",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "5.1"
            },
            {
              "lessThanOrEqual": "5.0.9",
              "status": "affected",
              "version": "5.0.0",
              "versionType": "custom"
            },
            {
              "lessThanOrEqual": "4.3.19",
              "status": "affected",
              "version": "4.3",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-10-16T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Numeric Range Comparison Without Minimum Check",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:37:59",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "105703",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/105703"
        },
        {
          "name": "[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-15756"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DoS Attack via Range Requests",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-10-16T07:00:00.000Z",
          "ID": "CVE-2018-15756",
          "STATE": "PUBLIC",
          "TITLE": "DoS Attack via Range Requests"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring framework",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_name": "5.1",
                            "version_value": "5.1"
                          },
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "5.0.0",
                            "version_value": "5.0.9"
                          },
                          {
                            "affected": "\u003c=",
                            "version_affected": "\u003c=",
                            "version_name": "4.3",
                            "version_value": "4.3.19"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework, version 5.1, versions 5.0.x prior to 5.0.10, versions 4.3.x prior to 4.3.20, and older unsupported versions on the 4.2.x branch provide support for range requests when serving static resources through the ResourceHttpRequestHandler, or starting in 5.0 when an annotated controller returns an org.springframework.core.io.Resource. A malicious user (or attacker) can add a range header with a high number of ranges, or with wide ranges that overlap, or both, for a denial of service attack. This vulnerability affects applications that depend on either spring-webmvc or spring-webflux. Such applications must also have a registration for serving static resources (e.g. JS, CSS, images, and others), or have an annotated controller that returns an org.springframework.core.io.Resource. Spring Boot applications that depend on spring-boot-starter-web or spring-boot-starter-webflux are ready to serve static resources out of the box and are therefore vulnerable."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Numeric Range Comparison Without Minimum Check"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "105703",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/105703"
            },
            {
              "name": "[activemq-issues] 20190529 [jira] [Created] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/a3071e11c6fbd593022074ec1b4693f6d948c2b02cfa4a5d854aed68@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190529 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/339fd112517e4873695b5115b96acdddbfc8f83b10598528d37c7d12@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190529 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/d6a84f52db89804b0ad965f3ea2b24bb880edee29107a1c5069cc3dd@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190626 [jira] [Assigned] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/bb354962cb51fff65740d5fb1bc2aac56af577c06244b57c36f98e4d@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190626 [jira] [Work logged] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/7b156ee50ba3ecce87b33c06bf7a749d84ffee55e69bfb5eca88fcc3@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190716 [jira] [Commented] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/77886fec378ee6064debb1efb6b464a4a0173b2ff0d151ed86d3a228@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190826 [jira] [Reopened] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8a1fe70534fc52ff5c9db5ac29c55657f802cbefd7e9d9850c7052bd@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190826 [jira] [Closed] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/efaa52b0aa67aae7cbd9e6ef96945387e422d7ce0e65434570a37b1d@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190826 [jira] [Updated] (ARTEMIS-2363) spring-core-5.0.1.RELEASE.jar vulnerable to CVE-2018-15756",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f8905507a2c94af6b08b72d7be0c4b8c6660e585f00abfafeccc86bc@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-15756",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-15756"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-15756",
    "datePublished": "2018-10-18T22:00:00Z",
    "dateReserved": "2018-08-23T00:00:00",
    "dateUpdated": "2024-09-16T16:59:11.041Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11973
Vulnerability from cvelistv5
Published
2020-05-14 16:22
Modified
2024-08-04 11:48
Severity ?
Summary
Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
References
http://www.openwall.com/lists/oss-security/2020/05/14/9mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://camel.apache.org/security/CVE-2020-11973.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:56.989Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11973 released for Apache Camel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/05/14/9"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://camel.apache.org/security/CVE-2020-11973.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Camel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Java deserialization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:54:04",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11973 released for Apache Camel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/05/14/9"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://camel.apache.org/security/CVE-2020-11973.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-11973",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Camel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Camel Netty enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Java deserialization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11973 released for Apache Camel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/05/14/9"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://camel.apache.org/security/CVE-2020-11973.html",
              "refsource": "MISC",
              "url": "https://camel.apache.org/security/CVE-2020-11973.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-11973",
    "datePublished": "2020-05-14T16:22:23",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:56.989Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7067
Vulnerability from cvelistv5
Published
2020-04-27 20:38
Modified
2024-09-17 02:21
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes.
References
https://www.debian.org/security/2020/dsa-4717vendor-advisory, x_refsource_DEBIAN
https://www.debian.org/security/2020/dsa-4719vendor-advisory, x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://bugs.php.net/bug.php?id=79465x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200504-0001/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2021-14x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.020Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-4717",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4717"
          },
          {
            "name": "DSA-4719",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4719"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=79465"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "status": "affected",
              "version": "7.2.x below 7.2.30"
            },
            {
              "status": "affected",
              "version": "7.3.x below 7.3.17 and 7.4.x below 7.4.5"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "bigshaq at wearehackerone dot com"
        }
      ],
      "datePublic": "2020-04-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-196",
              "description": "CWE-196 Unsigned to Signed Conversion Error",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T17:07:31",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "name": "DSA-4717",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4717"
        },
        {
          "name": "DSA-4719",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4719"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugs.php.net/bug.php?id=79465"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=79465"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "OOB Read in urldecode()",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2020-04-14T03:10:00.000Z",
          "ID": "CVE-2020-7067",
          "STATE": "PUBLIC",
          "TITLE": "OOB Read in urldecode()"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "7.2.x below 7.2.30"
                          },
                          {
                            "version_value": "7.3.x below 7.3.17 and 7.4.x below 7.4.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "bigshaq at wearehackerone dot com"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHP versions 7.2.x below 7.2.30, 7.3.x below 7.3.17 and 7.4.x below 7.4.5, if PHP is compiled with EBCDIC support (uncommon), urldecode() function can be made to access locations past the allocated memory, due to erroneously using signed numbers as array indexes."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-196 Unsigned to Signed Conversion Error"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-4717",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4717"
            },
            {
              "name": "DSA-4719",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4719"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=79465",
              "refsource": "CONFIRM",
              "url": "https://bugs.php.net/bug.php?id=79465"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200504-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200504-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=79465"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2020-7067",
    "datePublished": "2020-04-27T20:38:39.634265Z",
    "dateReserved": "2020-01-15T00:00:00",
    "dateUpdated": "2024-09-17T02:21:12.549Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-2399
Vulnerability from cvelistv5
Published
2019-01-16 19:00
Modified
2024-10-02 16:24
Severity ?
Summary
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L).
References
http://www.securityfocus.com/bid/106580vdb-entry, x_refsource_BID
http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T18:49:47.674Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "106580",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/106580"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2019-2399",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-10-02T15:54:23.146633Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-10-02T16:24:07.634Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Communications Diameter Signaling Router (DSR)",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "lessThan": "8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2019-01-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR).  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR).",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-01-17T10:57:01",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "name": "106580",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/106580"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2019-2399",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Communications Diameter Signaling Router (DSR)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) component of Oracle Communications Applications (subcomponent: Security). The supported version that is affected is prior to 8.3. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks of this vulnerability can result in unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR). CVSS 3.0 Base Score 6.5 (Confidentiality and Availability impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR).  Successful attacks of this vulnerability can result in  unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data and unauthorized ability to cause a partial denial of service (partial DOS) of Oracle Communications Diameter Signaling Router (DSR)."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "106580",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/106580"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2019-2399",
    "datePublished": "2019-01-16T19:00:00",
    "dateReserved": "2018-12-14T00:00:00",
    "dateUpdated": "2024-10-02T16:24:07.634Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11972
Vulnerability from cvelistv5
Published
2020-05-14 16:26
Modified
2024-08-04 11:48
Severity ?
Summary
Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0.
References
http://www.openwall.com/lists/oss-security/2020/05/14/8mailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/05/14/10mailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://camel.apache.org/security/CVE-2020-11972.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:48:57.301Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/05/14/8"
          },
          {
            "name": "[oss-security] 20200514 Re: [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/05/14/10"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://camel.apache.org/security/CVE-2020-11972.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Camel",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Java deserialization",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:05",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/05/14/8"
        },
        {
          "name": "[oss-security] 20200514 Re: [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/05/14/10"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://camel.apache.org/security/CVE-2020-11972.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-11972",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Camel",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Camel RabbitMQ enables Java deserialization by default. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.0, 3.0.0 up to 3.1.0 are affected. 2.x users should upgrade to 2.25.1, 3.x users should upgrade to 3.2.0."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Java deserialization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20200514 [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/05/14/8"
            },
            {
              "name": "[oss-security] 20200514 Re: [SECURITY] New security advisory CVE-2020-11972 released for Apache Camel",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/05/14/10"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://camel.apache.org/security/CVE-2020-11972.html",
              "refsource": "MISC",
              "url": "https://camel.apache.org/security/CVE-2020-11972.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-11972",
    "datePublished": "2020-05-14T16:26:03",
    "dateReserved": "2020-04-21T00:00:00",
    "dateUpdated": "2024-08-04T11:48:57.301Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-7060
Vulnerability from cvelistv5
Published
2020-02-10 07:45
Modified
2024-09-17 03:33
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L
Summary
When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash.
References
https://seclists.org/bugtraq/2020/Feb/27mailing-list, x_refsource_BUGTRAQ
https://www.debian.org/security/2020/dsa-4626vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/4279-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2020/dsa-4628vendor-advisory, x_refsource_DEBIAN
https://seclists.org/bugtraq/2020/Feb/31mailing-list, x_refsource_BUGTRAQ
https://lists.debian.org/debian-lts-announce/2020/02/msg00030.htmlmailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/202003-57vendor-advisory, x_refsource_GENTOO
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200221-0002/x_refsource_CONFIRM
https://bugs.php.net/bug.php?id=79037x_refsource_MISC
https://seclists.org/bugtraq/2021/Jan/3mailing-list, x_refsource_BUGTRAQ
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2021-14x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T09:18:03.112Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/27"
          },
          {
            "name": "DSA-4626",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4626"
          },
          {
            "name": "USN-4279-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4279-1/"
          },
          {
            "name": "DSA-4628",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4628"
          },
          {
            "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2020/Feb/31"
          },
          {
            "name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
          },
          {
            "name": "openSUSE-SU-2020:0341",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
          },
          {
            "name": "GLSA-202003-57",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202003-57"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=79037"
          },
          {
            "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2021/Jan/3"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "7.2.27",
              "status": "affected",
              "version": "7.2.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.3.14",
              "status": "affected",
              "version": "7.3.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.2",
              "status": "affected",
              "version": "7.4.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by reza at iseclab dot org"
        }
      ],
      "datePublic": "2020-01-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-22T17:07:23",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/27"
        },
        {
          "name": "DSA-4626",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4626"
        },
        {
          "name": "USN-4279-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4279-1/"
        },
        {
          "name": "DSA-4628",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4628"
        },
        {
          "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2020/Feb/31"
        },
        {
          "name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
        },
        {
          "name": "openSUSE-SU-2020:0341",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
        },
        {
          "name": "GLSA-202003-57",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202003-57"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=79037"
        },
        {
          "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2021/Jan/3"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=79037"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "global buffer-overflow in mbfl_filt_conv_big5_wchar",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2020-01-21T15:21:00.000Z",
          "ID": "CVE-2020-7060",
          "STATE": "PUBLIC",
          "TITLE": "global buffer-overflow in mbfl_filt_conv_big5_wchar"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.2.x",
                            "version_value": "7.2.27"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3.x",
                            "version_value": "7.3.14"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.4.x",
                            "version_value": "7.4.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by reza at iseclab dot org"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "When using certain mbstring functions to convert multibyte encodings, in PHP versions 7.2.x below 7.2.27, 7.3.x below 7.3.14 and 7.4.x below 7.4.2 it is possible to supply data that will cause function mbfl_filt_conv_big5_wchar to read past the allocated buffer. This may lead to information disclosure or crash."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-125 Out-of-bounds Read"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20200218 [SECURITY] [DSA 4626-1] php7.3 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/27"
            },
            {
              "name": "DSA-4626",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4626"
            },
            {
              "name": "USN-4279-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4279-1/"
            },
            {
              "name": "DSA-4628",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4628"
            },
            {
              "name": "20200219 [SECURITY] [DSA 4628-1] php7.0 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2020/Feb/31"
            },
            {
              "name": "[debian-lts-announce] 20200228 [SECURITY] [DLA 2124-1] php5 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/02/msg00030.html"
            },
            {
              "name": "openSUSE-SU-2020:0341",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00023.html"
            },
            {
              "name": "GLSA-202003-57",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202003-57"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200221-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200221-0002/"
            },
            {
              "name": "https://bugs.php.net/bug.php?id=79037",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=79037"
            },
            {
              "name": "20210116 Re: [SECURITY] [DSA 4628-1] php7.0 security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2021/Jan/3"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=79037"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2020-7060",
    "datePublished": "2020-02-10T07:45:14.320387Z",
    "dateReserved": "2020-01-15T00:00:00",
    "dateUpdated": "2024-09-17T03:33:06.766Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10969
Vulnerability from cvelistv5
Published
2020-03-26 12:43
Modified
2024-08-04 11:21
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane.
References
https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlmailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200403-0002/x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2642x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-10969",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:45.779442Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:58:54.159Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:13.816Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:44",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10969",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to javax.swing.JEditorPane."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2642",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2642"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10969",
    "datePublished": "2020-03-26T12:43:34",
    "dateReserved": "2020-03-26T00:00:00",
    "dateUpdated": "2024-08-04T11:21:13.816Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-8622
Vulnerability from cvelistv5
Published
2020-08-21 20:50
Modified
2024-09-16 17:14
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Summary
In BIND 9.0.0 -> 9.11.21, 9.12.0 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9.3-S1 -> 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit.
References
https://kb.isc.org/docs/cve-2020-8622x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/vendor-advisory, x_refsource_FEDORA
https://usn.ubuntu.com/4468-1/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/4468-2/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2020/dsa-4752vendor-advisory, x_refsource_DEBIAN
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/vendor-advisory, x_refsource_FEDORA
https://lists.debian.org/debian-lts-announce/2020/08/msg00053.htmlmailing-list, x_refsource_MLIST
https://security.gentoo.org/glsa/202008-19vendor-advisory, x_refsource_GENTOO
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200827-0003/x_refsource_CONFIRM
https://www.synology.com/security/advisory/Synology_SA_20_19x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T10:03:46.256Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kb.isc.org/docs/cve-2020-8622"
          },
          {
            "name": "FEDORA-2020-a02b7a0f21",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
          },
          {
            "name": "USN-4468-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4468-1/"
          },
          {
            "name": "USN-4468-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4468-2/"
          },
          {
            "name": "DSA-4752",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4752"
          },
          {
            "name": "FEDORA-2020-14c194e5af",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
          },
          {
            "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
          },
          {
            "name": "GLSA-202008-19",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202008-19"
          },
          {
            "name": "openSUSE-SU-2020:1699",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
          },
          {
            "name": "openSUSE-SU-2020:1701",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "BIND9",
          "vendor": "ISC",
          "versions": [
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.0.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.11.22",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.12.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.16.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "lessThan": "unspecified",
              "status": "affected",
              "version": "9.17.0",
              "versionType": "custom"
            },
            {
              "lessThan": "9.17.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            },
            {
              "changes": [
                {
                  "at": "9.11.22-S1",
                  "status": "unaffected"
                }
              ],
              "lessThan": "Supported Preview*",
              "status": "affected",
              "version": "9.9.3-S1",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham of Oracle for bringing this vulnerability to our attention."
        }
      ],
      "datePublic": "2020-08-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In BIND 9.0.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit."
        }
      ],
      "exploits": [
        {
          "lang": "en",
          "value": "We are not aware of any active exploits"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Attempting to verify a truncated response to a TSIG-signed request leads to an assertion failure.  Affects BIND 9.0.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:40:22",
        "orgId": "404fd4d2-a609-4245-b543-2c944a302a22",
        "shortName": "isc"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kb.isc.org/docs/cve-2020-8622"
        },
        {
          "name": "FEDORA-2020-a02b7a0f21",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
        },
        {
          "name": "USN-4468-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4468-1/"
        },
        {
          "name": "USN-4468-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4468-2/"
        },
        {
          "name": "DSA-4752",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4752"
        },
        {
          "name": "FEDORA-2020-14c194e5af",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
        },
        {
          "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
        },
        {
          "name": "GLSA-202008-19",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202008-19"
        },
        {
          "name": "openSUSE-SU-2020:1699",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
        },
        {
          "name": "openSUSE-SU-2020:1701",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n    BIND 9.11.22\n    BIND 9.16.6\n    BIND 9.17.4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9.11.22-S1"
        }
      ],
      "source": {
        "discovery": "USER"
      },
      "title": "A truncated TSIG response can lead to an assertion failure",
      "workarounds": [
        {
          "lang": "en",
          "value": "No workarounds known."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-officer@isc.org",
          "DATE_PUBLIC": "2020-08-20T18:35:08.000Z",
          "ID": "CVE-2020-8622",
          "STATE": "PUBLIC",
          "TITLE": "A truncated TSIG response can lead to an assertion failure"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "BIND9",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.0.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.11.22"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.12.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.16.6"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_value": "9.17.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_value": "9.17.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "Supported Preview",
                            "version_value": "9.9.3-S1"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "Supported Preview",
                            "version_value": "9.11.22-S1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "ISC"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "ISC would like to thank Dave Feldman, Jeff Warren, and Joel Cunningham of Oracle for bringing this vulnerability to our attention."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In BIND 9.0.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition, An attacker on the network path for a TSIG-signed request, or operating the server receiving the TSIG-signed request, could send a truncated response to that request, triggering an assertion failure, causing the server to exit. Alternately, an off-path attacker would have to correctly guess when a TSIG-signed request was sent, along with other characteristics of the packet and message, and spoof a truncated response to trigger an assertion failure, causing the server to exit."
            }
          ]
        },
        "exploit": [
          {
            "lang": "en",
            "value": "We are not aware of any active exploits"
          }
        ],
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 6.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Attempting to verify a truncated response to a TSIG-signed request leads to an assertion failure.  Affects BIND 9.0.0 -\u003e 9.11.21, 9.12.0 -\u003e 9.16.5, 9.17.0 -\u003e 9.17.3, also affects 9.9.3-S1 -\u003e 9.11.21-S1 of the BIND 9 Supported Preview Edition"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://kb.isc.org/docs/cve-2020-8622",
              "refsource": "CONFIRM",
              "url": "https://kb.isc.org/docs/cve-2020-8622"
            },
            {
              "name": "FEDORA-2020-a02b7a0f21",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DQN62GBMCIC5AY4KYADGXNKVY6AJKSJE/"
            },
            {
              "name": "USN-4468-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4468-1/"
            },
            {
              "name": "USN-4468-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4468-2/"
            },
            {
              "name": "DSA-4752",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4752"
            },
            {
              "name": "FEDORA-2020-14c194e5af",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKAMJZXR66P6S5LEU4SN7USSNCWTXEXP/"
            },
            {
              "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2355-1] bind9 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00053.html"
            },
            {
              "name": "GLSA-202008-19",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202008-19"
            },
            {
              "name": "openSUSE-SU-2020:1699",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00041.html"
            },
            {
              "name": "openSUSE-SU-2020:1701",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-10/msg00044.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200827-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200827-0003/"
            },
            {
              "name": "https://www.synology.com/security/advisory/Synology_SA_20_19",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/security/advisory/Synology_SA_20_19"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "Upgrade to the patched release most closely related to your current version of BIND:\n\n    BIND 9.11.22\n    BIND 9.16.6\n    BIND 9.17.4\n\nBIND Supported Preview Edition is a special feature preview branch of BIND provided to eligible ISC support customers.\n\n    BIND 9.11.22-S1"
          }
        ],
        "source": {
          "discovery": "USER"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "No workarounds known."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "404fd4d2-a609-4245-b543-2c944a302a22",
    "assignerShortName": "isc",
    "cveId": "CVE-2020-8622",
    "datePublished": "2020-08-21T20:50:19.383306Z",
    "dateReserved": "2020-02-05T00:00:00",
    "dateUpdated": "2024-09-16T17:14:14.760Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-12723
Vulnerability from cvelistv5
Published
2020-06-05 14:20
Modified
2024-08-04 12:04
Severity ?
Summary
regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls.
References
https://security.gentoo.org/glsa/202006-03vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3x_refsource_CONFIRM
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200611-0001/x_refsource_CONFIRM
https://github.com/Perl/perl5/issues/16947x_refsource_MISC
https://github.com/Perl/perl5/issues/17743x_refsource_MISC
https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184ax_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:04:22.480Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-202006-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-03"
          },
          {
            "name": "FEDORA-2020-fd73c08076",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
          },
          {
            "name": "openSUSE-SU-2020:0850",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Perl/perl5/issues/16947"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Perl/perl5/issues/17743"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:21:14",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-202006-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-03"
        },
        {
          "name": "FEDORA-2020-fd73c08076",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
        },
        {
          "name": "openSUSE-SU-2020:0850",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Perl/perl5/issues/16947"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Perl/perl5/issues/17743"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-12723",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-202006-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-03"
            },
            {
              "name": "FEDORA-2020-fd73c08076",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
            },
            {
              "name": "openSUSE-SU-2020:0850",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3",
              "refsource": "CONFIRM",
              "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
            },
            {
              "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod",
              "refsource": "CONFIRM",
              "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200611-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
            },
            {
              "name": "https://github.com/Perl/perl5/issues/16947",
              "refsource": "MISC",
              "url": "https://github.com/Perl/perl5/issues/16947"
            },
            {
              "name": "https://github.com/Perl/perl5/issues/17743",
              "refsource": "MISC",
              "url": "https://github.com/Perl/perl5/issues/17743"
            },
            {
              "name": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a",
              "refsource": "CONFIRM",
              "url": "https://github.com/perl/perl5/commit/66bbb51b93253a3f87d11c2695cfb7bdb782184a"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-12723",
    "datePublished": "2020-06-05T14:20:50",
    "dateReserved": "2020-05-08T00:00:00",
    "dateUpdated": "2024-08-04T12:04:22.480Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-44832
Vulnerability from cvelistv5
Published
2021-12-28 19:35
Modified
2024-08-04 04:32
Severity ?
Summary
Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2.
References
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisory, x_refsource_CISCO
https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143x_refsource_MISC
https://issues.apache.org/jira/browse/LOG4J2-3293x_refsource_MISC
http://www.openwall.com/lists/oss-security/2021/12/28/1mailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/12/msg00036.htmlmailing-list, x_refsource_MLIST
https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdfx_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/vendor-advisory, x_refsource_FEDORA
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20220104-0001/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:32:13.076Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
          },
          {
            "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
          },
          {
            "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
          },
          {
            "name": "FEDORA-2021-c6f471ce0f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
          },
          {
            "name": "FEDORA-2021-1bd9151bab",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Log4j2",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.13.0",
                  "status": "affected"
                },
                {
                  "at": "2.12.4",
                  "status": "unaffected"
                },
                {
                  "at": "2.4",
                  "status": "affected"
                },
                {
                  "at": "2.3.2",
                  "status": "unaffected"
                },
                {
                  "at": "2.0-beta7",
                  "status": "affected"
                }
              ],
              "lessThan": "2.17.1",
              "status": "affected",
              "version": "log4j-core",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "moderate"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:41:33",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
        },
        {
          "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
        },
        {
          "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
        },
        {
          "name": "FEDORA-2021-c6f471ce0f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
        },
        {
          "name": "FEDORA-2021-1bd9151bab",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "source": {
        "defect": [
          "LOG4J2-3293",
          ""
        ],
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2021-12-27T00:00:00",
          "value": "reported"
        },
        {
          "lang": "en",
          "time": "2021-12-27T00:00:00",
          "value": "patch proposed, 2.17.1-rc1"
        },
        {
          "lang": "en",
          "time": "2021-12-28T00:00:00",
          "value": "fixed"
        },
        {
          "lang": "en",
          "time": "2021-12-28T00:00:00",
          "value": "public"
        }
      ],
      "title": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-44832",
          "STATE": "PUBLIC",
          "TITLE": "Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Log4j2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.17.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.13.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.12.4"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.3.2"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.0-beta7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Log4j2 versions 2.0-beta7 through 2.17.0 (excluding security fix releases 2.3.2 and 2.12.4) are vulnerable to a remote code execution (RCE) attack when a configuration uses a JDBC Appender with a JNDI LDAP data source URI when an attacker has control of the target LDAP server. This issue is fixed by limiting JNDI data source names to the java protocol in Log4j2 versions 2.17.1, 2.12.4, and 2.3.2."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "moderate"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread/s1o5vlo78ypqxnzn6p8zf6t9shtq5143"
            },
            {
              "name": "https://issues.apache.org/jira/browse/LOG4J2-3293",
              "refsource": "MISC",
              "url": "https://issues.apache.org/jira/browse/LOG4J2-3293"
            },
            {
              "name": "[oss-security] 20211228 CVE-2021-44832: Apache Log4j2 vulnerable to RCE via JDBC Appender when attacker controls configuration",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/28/1"
            },
            {
              "name": "[debian-lts-announce] 20211229 [SECURITY] [DLA 2870-1] apache-log4j2 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/12/msg00036.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-784507.pdf"
            },
            {
              "name": "FEDORA-2021-c6f471ce0f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EVV25FXL4FU5X6X5BSL7RLQ7T6F65MRA/"
            },
            {
              "name": "FEDORA-2021-1bd9151bab",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T57MPJUW3MA6QGWZRTMCHHMMPQNVKGFC/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220104-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220104-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "defect": [
            "LOG4J2-3293",
            ""
          ],
          "discovery": "UNKNOWN"
        },
        "timeline": [
          {
            "lang": "en",
            "time": "2021-12-27T00:00:00",
            "value": "reported"
          },
          {
            "lang": "en",
            "time": "2021-12-27T00:00:00",
            "value": "patch proposed, 2.17.1-rc1"
          },
          {
            "lang": "en",
            "time": "2021-12-28T00:00:00",
            "value": "fixed"
          },
          {
            "lang": "en",
            "time": "2021-12-28T00:00:00",
            "value": "public"
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-44832",
    "datePublished": "2021-12-28T19:35:11",
    "dateReserved": "2021-12-11T00:00:00",
    "dateUpdated": "2024-08-04T04:32:13.076Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-17521
Vulnerability from cvelistv5
Published
2020-12-07 19:22
Modified
2024-08-04 14:00
Severity ?
Summary
Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy's implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2.
References
https://groovy-lang.org/security.html#CVE-2020-17521x_refsource_CONFIRM
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20201218-0006/x_refsource_CONFIRM
https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T14:00:48.677Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://groovy-lang.org/security.html#CVE-2020-17521"
          },
          {
            "name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20201218-0006/"
          },
          {
            "name": "[atlas-dev] 20210422 [jira] [Created] (ATLAS-4257) Atlas - Upgrade groovy to 2.4.21+, 2.5.14+, 3.0.7+, or 4.0.0-alpha-2+ due to CVE-2020-17521",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E"
          },
          {
            "name": "[atlas-dev] 20210422 [jira] [Updated] (ATLAS-4257) Atlas - Upgrade groovy to 2.4.21+, 2.5.14+, 3.0.7+, or 4.0.0-alpha-2+ due to CVE-2020-17521",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Groovy",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "2.0 to 2.4.20"
            },
            {
              "status": "affected",
              "version": "2.5.0 to 2.5.13"
            },
            {
              "status": "affected",
              "version": "3.0.0 to 3.0.6"
            },
            {
              "status": "affected",
              "version": "4.0.0-alpha-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy\u0027s implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:14:34",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://groovy-lang.org/security.html#CVE-2020-17521"
        },
        {
          "name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20201218-0006/"
        },
        {
          "name": "[atlas-dev] 20210422 [jira] [Created] (ATLAS-4257) Atlas - Upgrade groovy to 2.4.21+, 2.5.14+, 3.0.7+, or 4.0.0-alpha-2+ due to CVE-2020-17521",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3%40%3Cdev.atlas.apache.org%3E"
        },
        {
          "name": "[atlas-dev] 20210422 [jira] [Updated] (ATLAS-4257) Atlas - Upgrade groovy to 2.4.21+, 2.5.14+, 3.0.7+, or 4.0.0-alpha-2+ due to CVE-2020-17521",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08%40%3Cdev.atlas.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-17521",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Groovy",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "2.0 to 2.4.20"
                          },
                          {
                            "version_value": "2.5.0 to 2.5.13"
                          },
                          {
                            "version_value": "3.0.0 to 3.0.6"
                          },
                          {
                            "version_value": "4.0.0-alpha-1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Groovy provides extension methods to aid with creating temporary directories. Prior to this fix, Groovy\u0027s implementation of those extension methods was using a now superseded Java JDK method call that is potentially not secure on some operating systems in some contexts. Users not using the extension methods mentioned in the advisory are not affected, but may wish to read the advisory for further details. Versions Affected: 2.0 to 2.4.20, 2.5.0 to 2.5.13, 3.0.0 to 3.0.6, and 4.0.0-alpha-1. Fixed in versions 2.4.21, 2.5.14, 3.0.7, 4.0.0-alpha-2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://groovy-lang.org/security.html#CVE-2020-17521",
              "refsource": "CONFIRM",
              "url": "https://groovy-lang.org/security.html#CVE-2020-17521"
            },
            {
              "name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20201218-0006/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20201218-0006/"
            },
            {
              "name": "[atlas-dev] 20210422 [jira] [Created] (ATLAS-4257) Atlas - Upgrade groovy to 2.4.21+, 2.5.14+, 3.0.7+, or 4.0.0-alpha-2+ due to CVE-2020-17521",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rea63a4666ba245d2892471307772a2d8ce0f0741f341d6576625c1b3@%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "[atlas-dev] 20210422 [jira] [Updated] (ATLAS-4257) Atlas - Upgrade groovy to 2.4.21+, 2.5.14+, 3.0.7+, or 4.0.0-alpha-2+ due to CVE-2020-17521",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4b2f13c302eec98838ff7475253091fb9b75bc1038016ba00ebf6c08@%3Cdev.atlas.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-17521",
    "datePublished": "2020-12-07T19:22:37",
    "dateReserved": "2020-08-12T00:00:00",
    "dateUpdated": "2024-08-04T14:00:48.677Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-10173
Vulnerability from cvelistv5
Published
2019-07-23 12:50
Modified
2024-08-04 22:10
Severity ?
7.3 (High) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Summary
It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)
References
https://access.redhat.com/errata/RHSA-2019:3892vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:4352vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0445vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0727vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173x_refsource_CONFIRM
http://x-stream.github.io/changes.html#1.4.11x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T22:10:10.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "RHSA-2019:3892",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3892"
          },
          {
            "name": "RHSA-2019:4352",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:4352"
          },
          {
            "name": "RHSA-2020:0445",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0445"
          },
          {
            "name": "RHSA-2020:0727",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0727"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://x-stream.github.io/changes.html#1.4.11"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xstream",
          "vendor": "xstream",
          "versions": [
            {
              "status": "affected",
              "version": "fixed in 1.4.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)"
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-07-20T22:53:25",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "RHSA-2019:3892",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3892"
        },
        {
          "name": "RHSA-2019:4352",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:4352"
        },
        {
          "name": "RHSA-2020:0445",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0445"
        },
        {
          "name": "RHSA-2020:0727",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0727"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://x-stream.github.io/changes.html#1.4.11"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2019-10173",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "xstream",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "fixed in 1.4.11"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "xstream"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "It was found that xstream API version 1.4.10 before 1.4.11 introduced a regression for a previous deserialization flaw. If the security framework has not been initialized, it may allow a remote attacker to run arbitrary shell commands when unmarshalling XML or any supported format. e.g. JSON. (regression of CVE-2013-7285)"
            }
          ]
        },
        "impact": {
          "cvss": [
            [
              {
                "vectorString": "7.3/CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
                "version": "3.0"
              }
            ]
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "RHSA-2019:3892",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3892"
            },
            {
              "name": "RHSA-2019:4352",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:4352"
            },
            {
              "name": "RHSA-2020:0445",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0445"
            },
            {
              "name": "RHSA-2020:0727",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0727"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173",
              "refsource": "CONFIRM",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10173"
            },
            {
              "name": "http://x-stream.github.io/changes.html#1.4.11",
              "refsource": "MISC",
              "url": "http://x-stream.github.io/changes.html#1.4.11"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2019-10173",
    "datePublished": "2019-07-23T12:50:44",
    "dateReserved": "2019-03-27T00:00:00",
    "dateUpdated": "2024-08-04T22:10:10.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1945
Vulnerability from cvelistv5
Published
2020-05-14 15:57
Modified
2024-08-04 06:54
Severity ?
Summary
Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process.
References
https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3Emailing-list, x_refsource_MLIST
https://usn.ubuntu.com/4380-1/vendor-advisory, x_refsource_UBUNTU
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3Ex_refsource_MISC
https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3Emailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.htmlvendor-advisory, x_refsource_SUSE
https://security.gentoo.org/glsa/202007-34vendor-advisory, x_refsource_GENTOO
https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/09/30/6mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3Emailing-list, x_refsource_MLIST
http://www.openwall.com/lists/oss-security/2020/12/06/1mailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.377Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
          },
          {
            "name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "USN-4380-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/4380-1/"
          },
          {
            "name": "FEDORA-2020-52741b0a49",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
          },
          {
            "name": "FEDORA-2020-7f07da3fef",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
          },
          {
            "name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
          },
          {
            "name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
          },
          {
            "name": "openSUSE-SU-2020:1022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
          },
          {
            "name": "GLSA-202007-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202007-34"
          },
          {
            "name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
          },
          {
            "name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
          },
          {
            "name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
          },
          {
            "name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
          },
          {
            "name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
          },
          {
            "name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
          },
          {
            "name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
          },
          {
            "name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
          },
          {
            "name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
          },
          {
            "name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
          },
          {
            "name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
          },
          {
            "name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Ant",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "insecure temporary file vulnerability",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T14:40:33",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890%40%3Ccommits.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735%40%3Ccommits.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c%40%3Cnotifications.groovy.apache.org%3E"
        },
        {
          "name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e%40%3Cdev.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "USN-4380-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/4380-1/"
        },
        {
          "name": "FEDORA-2020-52741b0a49",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
        },
        {
          "name": "FEDORA-2020-7f07da3fef",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
        },
        {
          "name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
        },
        {
          "name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2%40%3Ctorque-dev.db.apache.org%3E"
        },
        {
          "name": "openSUSE-SU-2020:1022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
        },
        {
          "name": "GLSA-202007-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202007-34"
        },
        {
          "name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35%40%3Ccommits.myfaces.apache.org%3E"
        },
        {
          "name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea%40%3Cdev.ant.apache.org%3E"
        },
        {
          "name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc%40%3Cuser.ant.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
        },
        {
          "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65%40%3Cissues.hive.apache.org%3E"
        },
        {
          "name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858%40%3Cnotifications.groovy.apache.org%3E"
        },
        {
          "name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081%40%3Cnotifications.groovy.apache.org%3E"
        },
        {
          "name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6%40%3Ccommits.groovy.apache.org%3E"
        },
        {
          "name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cusers.groovy.apache.org%3E"
        },
        {
          "name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cdev.groovy.apache.org%3E"
        },
        {
          "name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
        },
        {
          "name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967%40%3Cannounce.apache.org%3E"
        },
        {
          "name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465%40%3Cnotifications.groovy.apache.org%3E"
        },
        {
          "name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b%40%3Ccommits.myfaces.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a%40%3Cdev.creadur.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1945",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Ant",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Ant 1.1 to 1.9.14 and 1.10.0 to 1.10.7 uses the default temporary directory identified by the Java system property java.io.tmpdir for several tasks and may thus leak sensitive information. The fixcrlf and replaceregexp tasks also copy files from the temporary directory back into the build tree allowing an attacker to inject modified source files into the build process."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "insecure temporary file vulnerability"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[creadur-dev] 20200518 [jira] [Created] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rda80ac59119558eaec452e58ddfac2ccc9211da1c65f7927682c78b1@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-commits] 20200518 [creadur-rat] 03/03: RAT-269: Update Apache ANT to fix CVE-2020-1945",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfd346609527a79662c48b1da3ac500ec30f29f7ddaa3575051e81890@%3Ccommits.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-commits] 20200518 [creadur-rat] branch master updated: RAT-269: Update Apache ANT to fix CVE-2020-1945",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re1ce84518d773a94a613d988771daf9252c9cf7375a9a477009f9735@%3Ccommits.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200518 [jira] [Closed] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r95dc943e47a211d29df605e14f86c280fc9fa8d828b2b53bd07673c9@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200518 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd7dda48ff835f4d0293949837d55541bfde3683bd35bd8431e324538@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200518 [jira] [Assigned] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1863b9ce4c3e4b1e5b0c671ad05545ba3eb8399616aa746af5dfe1b1@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[groovy-notifications] 20200522 [jira] [Closed] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rdaa9c51d5dc6560c9d2b3f3d742c768ad0705e154041e574a0fae45c@%3Cnotifications.groovy.apache.org%3E"
            },
            {
              "name": "[hive-dev] 20200530 [jira] [Created] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b32c76afffcf676e13ed635a3332f3e46e6aaa7722eb3fc7a28f58e@%3Cdev.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20200530 [jira] [Assigned] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r0d08a96ba9de8aa435f32944e8b2867c368a518d4ff57782e3637335@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20200530 [jira] [Updated] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4b2904d64affd4266cd72ccb2fc3927c1c2f22009f183095aa46bf90@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[hive-issues] 20200530 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6edd3e2cb79ee635630d891b54a4f1a9cd8c7f639d6ee34e75fbe830@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "USN-4380-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/4380-1/"
            },
            {
              "name": "FEDORA-2020-52741b0a49",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RRVAWTCVXJMRYKQKEXYSNBF7NLSR6OEI/"
            },
            {
              "name": "FEDORA-2020-7f07da3fef",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EQBR65TINSJRN7PTPIVNYS33P535WM74/"
            },
            {
              "name": "[hive-issues] 20200621 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8e24abb7dd77cda14c6df90a377c94f0a413bbfcec90a29540ff8adf@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200703 [jira] [Commented] (RAT-269) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2704fb14ce068c64759a986f81d5b5e42ab434fa13d0f444ad52816b@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r8e592bbfc016a5dbe2a8c0e81ff99682b9c78c453621b82c14e7b75e%40%3Cdev.ant.apache.org%3E"
            },
            {
              "name": "[db-torque-dev] 20200715 svn commit: r1879896 - in /db/torque/torque4/trunk: ./ torque-ant-tasks/ torque-ant-tasks/src/test/java/org/apache/torque/ant/task/ torque-generator/src/main/java/org/apache/torque/generator/control/ torque-generator/src/main/java/org/apache/torque/gen...",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6e295d792032ec02b32be3846c21a58857fba4a077d22c5842d69ba2@%3Ctorque-dev.db.apache.org%3E"
            },
            {
              "name": "openSUSE-SU-2020:1022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00053.html"
            },
            {
              "name": "GLSA-202007-34",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202007-34"
            },
            {
              "name": "[hive-issues] 20200804 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r815f88d1044760176f30a4913b4baacd06f3eae4eb662de7388e46d8@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[myfaces-commits] 20200826 [myfaces-tobago] branch tobago-2.x updated: update ant because of CVE-2020-1945",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5dfc77048b1f9db26622dce91a6edf083d499397256594952fad5f35@%3Ccommits.myfaces.apache.org%3E"
            },
            {
              "name": "[ant-dev] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc3c8ef9724b5b1e171529b47f4b35cb7920edfb6e917fa21eb6c64ea@%3Cdev.ant.apache.org%3E"
            },
            {
              "name": "[announce] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb8ec556f176c83547b959150e2108e2ddf1d61224295941908b0a81f@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[ant-user] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc89e491b5b270fb40f1210b70554527b737c217ad2e831b643ead6bc@%3Cuser.ant.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200930 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf07feaf78afc8f701e21948a06ef92565d3dff1242d710f4fbf900b2@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20200930 [jira] [Created] (RAT-274) Update to latest Ant in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1a9c992d7c8219dc15b4ad448649f0ffdaa88d76ef6a0035c49455f5@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[oss-security] 20200930 [CVE-2020-11979] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/09/30/6"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1dc8518dc99c42ecca5ff82d0d2de64cd5d3a4fa691eb9ee0304781e@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Assigned] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r4ca33fad3fb39d130cda287d5a60727d9e706e6f2cf2339b95729490@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r107ea1b1a7a214bc72fe1a04207546ccef542146ae22952e1013b5cc@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Updated] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r2306b67f20c24942b872b0a41fbdc9330e8467388158bcd19c1094e0@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "[creadur-dev] 20201006 [jira] [Resolved] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r5e1cdd79f019162f76414708b2092acad0a6703d666d72d717319305@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "[hive-issues] 20201022 [jira] [Commented] (HIVE-23583) Fix CVE-2020-1945: Apache Ant insecure temporary file vulnerability by updating to latest ANT",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r3cea0f3da4f6d06d7afb6c0804da8e01773a0f50a09b8d9beb2cda65@%3Cissues.hive.apache.org%3E"
            },
            {
              "name": "[groovy-notifications] 20201126 [jira] [Updated] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6030d34ceacd0098538425c5dac8251ffc7fd90b886942bc7ef87858@%3Cnotifications.groovy.apache.org%3E"
            },
            {
              "name": "[groovy-notifications] 20201126 [jira] [Comment Edited] (GROOVY-9552) Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rce099751721c26a8166d8b6578293820832831a0b2cb8d93b8efa081@%3Cnotifications.groovy.apache.org%3E"
            },
            {
              "name": "[groovy-commits] 20201126 [groovy] branch GROOVY_2_4_X updated: GROOVY-9552: Bump Ant versions to address: [CVE-2020-1945] Apache Ant insecure temporary file vulnerability",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r6970d196cd73863dafdbc3a7052562deedd338e3bd7d73d8171d92d6@%3Ccommits.groovy.apache.org%3E"
            },
            {
              "name": "[groovy-users] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cusers.groovy.apache.org%3E"
            },
            {
              "name": "[groovy-dev] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cdev.groovy.apache.org%3E"
            },
            {
              "name": "[oss-security] 20201206 [CVE-2020-17521]: Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/12/06/1"
            },
            {
              "name": "[announce] 20201205 [SECURITY] CVE-2020-17521: Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra12c3e23b021f259a201648005b9946acd7f618a6f32301c97047967@%3Cannounce.apache.org%3E"
            },
            {
              "name": "[groovy-notifications] 20201207 [jira] [Closed] (GROOVY-9824) CVE-2020-17521 Apache Groovy Information Disclosure",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ra9dab34bf8625511f23692ad0fcee2725f782e9aad6c5cdff6cf4465@%3Cnotifications.groovy.apache.org%3E"
            },
            {
              "name": "[myfaces-commits] 20201211 [myfaces-tobago] 02/22: update ant because of CVE-2020-1945",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rb860063819b9c0990e1fbce29d83f4554766fe5a05e3b3939736bf2b@%3Ccommits.myfaces.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "[creadur-dev] 20210419 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/raaeddc41da8f3afb1cb224876084a45f68e437a0afd9889a707e4b0c@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "[creadur-dev] 20210621 [jira] [Commented] (RAT-274) Update to at least Ant 1.10.8/1.9.15 in order to fix CVE-2020-11979 / raise compiler level to JDK8",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rbfe9ba28b74f39f46ec1bbbac3bef313f35017cf3aac13841a84483a@%3Cdev.creadur.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-1945",
    "datePublished": "2020-05-14T15:57:34",
    "dateReserved": "2019-12-02T00:00:00",
    "dateUpdated": "2024-08-04T06:54:00.377Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-45105
Vulnerability from cvelistv5
Published
2021-12-18 11:55
Modified
2024-08-04 04:39
Severity ?
Summary
Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1.
References
https://logging.apache.org/log4j/2.x/security.htmlx_refsource_MISC
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032x_refsource_CONFIRM
https://www.kb.cert.org/vuls/id/930724third-party-advisory, x_refsource_CERT-VN
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbdvendor-advisory, x_refsource_CISCO
http://www.openwall.com/lists/oss-security/2021/12/19/1mailing-list, x_refsource_MLIST
https://www.debian.org/security/2021/dsa-5024vendor-advisory, x_refsource_DEBIAN
https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdfx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20211218-0001/x_refsource_CONFIRM
https://www.zerodayinitiative.com/advisories/ZDI-21-1541/x_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdfx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T04:39:20.295Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://logging.apache.org/log4j/2.x/security.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
          },
          {
            "name": "VU#930724",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/930724"
          },
          {
            "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
          },
          {
            "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
          },
          {
            "name": "DSA-5024",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5024"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Log4j2",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "changes": [
                {
                  "at": "2.13.0",
                  "status": "affected"
                },
                {
                  "at": "2.12.3",
                  "status": "unaffected"
                },
                {
                  "at": "2.4",
                  "status": "affected"
                },
                {
                  "at": "2.3.1",
                  "status": "unaffected"
                },
                {
                  "at": "2.0-alpha1",
                  "status": "affected"
                }
              ],
              "lessThan": "2.17.0",
              "status": "affected",
              "version": "log4j-core",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "other": "high"
            },
            "type": "unknown"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20 Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-674",
              "description": "CWE-674: Uncontrolled Recursion",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:41:57",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://logging.apache.org/log4j/2.x/security.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
        },
        {
          "name": "VU#930724",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/930724"
        },
        {
          "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
        },
        {
          "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
        },
        {
          "name": "DSA-5024",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5024"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "source": {
        "defect": [
          "LOG4J2-3230"
        ],
        "discovery": "UNKNOWN"
      },
      "title": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
      "workarounds": [
        {
          "lang": "en",
          "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-45105",
          "STATE": "PUBLIC",
          "TITLE": "Apache Log4j2 does not always protect from infinite recursion in lookup evaluation"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Log4j2",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.17.0"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.13.0"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.12.3"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.4"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "log4j-core",
                            "version_value": "2.3.1"
                          },
                          {
                            "version_affected": "\u003e=",
                            "version_name": "log4j-core",
                            "version_value": "2.0-alpha1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Independently discovered by Hideki Okamoto of Akamai Technologies, Guy Lederfein of Trend Micro Research working with Trend Micro\u2019s Zero Day Initiative, and another anonymous vulnerability researcher"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Log4j2 versions 2.0-alpha1 through 2.16.0 (excluding 2.12.3 and 2.3.1) did not protect from uncontrolled recursion from self-referential lookups. This allows an attacker with control over Thread Context Map data to cause a denial of service when a crafted string is interpreted. This issue was fixed in Log4j 2.17.0, 2.12.3, and 2.3.1."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {
            "other": "high"
          }
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-20 Improper Input Validation"
                }
              ]
            },
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-674: Uncontrolled Recursion"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://logging.apache.org/log4j/2.x/security.html",
              "refsource": "MISC",
              "url": "https://logging.apache.org/log4j/2.x/security.html"
            },
            {
              "name": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032",
              "refsource": "CONFIRM",
              "url": "https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032"
            },
            {
              "name": "VU#930724",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/930724"
            },
            {
              "name": "20211210 Vulnerabilities in Apache Log4j Library Affecting Cisco Products: December 2021",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd"
            },
            {
              "name": "[oss-security] 20211218 CVE-2021-45105: Apache Log4j2 does not always protect from infinite recursion in lookup evaluation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/12/19/1"
            },
            {
              "name": "DSA-5024",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5024"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-479842.pdf"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211218-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211218-0001/"
            },
            {
              "name": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/",
              "refsource": "MISC",
              "url": "https://www.zerodayinitiative.com/advisories/ZDI-21-1541/"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        },
        "source": {
          "defect": [
            "LOG4J2-3230"
          ],
          "discovery": "UNKNOWN"
        },
        "work_around": [
          {
            "lang": "en",
            "value": "Implement one of the following mitigation techniques:\n\n* Java 8 (or later) users should upgrade to release 2.17.0.\n\nAlternatively, this can be mitigated in configuration:\n\n* In PatternLayout in the logging configuration, replace Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` with Thread Context Map patterns (%X, %mdc, or %MDC).\n* Otherwise, in the configuration, remove references to Context Lookups like `${ctx:loginId}` or `$${ctx:loginId}` where they originate \nfrom sources external to the application such as HTTP headers or user input."
          }
        ]
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-45105",
    "datePublished": "2021-12-18T11:55:08",
    "dateReserved": "2021-12-16T00:00:00",
    "dateUpdated": "2024-08-04T04:39:20.295Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14787
Vulnerability from cvelistv5
Published
2020-10-21 14:04
Modified
2024-09-26 20:23
Severity ?
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N).
References
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:53:43.397Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2020-14787",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-26T19:44:34.019386Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-26T20:23:06.609Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Communications Diameter Signaling Router (DSR)",
          "vendor": "Oracle Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "8.0.0.0-8.4.0.5"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR).  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as  unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-21T14:04:25",
        "orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
        "shortName": "oracle"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert_us@oracle.com",
          "ID": "CVE-2020-14787",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Communications Diameter Signaling Router (DSR)",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_value": "8.0.0.0-8.4.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Oracle Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Vulnerability in the Oracle Communications Diameter Signaling Router (DSR) product of Oracle Communications (component: User Interface). Supported versions that are affected are 8.0.0.0-8.4.0.5. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR). Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data. CVSS 3.1 Base Score 5.4 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N)."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.4",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Communications Diameter Signaling Router (DSR).  Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Communications Diameter Signaling Router (DSR), attacks may significantly impact additional products. Successful attacks of this vulnerability can result in  unauthorized update, insert or delete access to some of Oracle Communications Diameter Signaling Router (DSR) accessible data as well as  unauthorized read access to a subset of Oracle Communications Diameter Signaling Router (DSR) accessible data."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
    "assignerShortName": "oracle",
    "cveId": "CVE-2020-14787",
    "datePublished": "2020-10-21T14:04:25",
    "dateReserved": "2020-06-19T00:00:00",
    "dateUpdated": "2024-09-26T20:23:06.609Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10543
Vulnerability from cvelistv5
Published
2020-06-05 13:17
Modified
2024-08-04 11:06
Severity ?
Summary
Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow.
References
https://security.gentoo.org/glsa/202006-03vendor-advisory, x_refsource_GENTOO
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/vendor-advisory, x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03edx_refsource_CONFIRM
https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3x_refsource_CONFIRM
https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.podx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200611-0001/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:09.544Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-202006-03",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202006-03"
          },
          {
            "name": "FEDORA-2020-fd73c08076",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
          },
          {
            "name": "openSUSE-SU-2020:0850",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-19T23:20:49",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-202006-03",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202006-03"
        },
        {
          "name": "FEDORA-2020-fd73c08076",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
        },
        {
          "name": "openSUSE-SU-2020:0850",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10543",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-202006-03",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202006-03"
            },
            {
              "name": "FEDORA-2020-fd73c08076",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IN3TTBO5KSGWE5IRIKDJ5JSQRH7ANNXE/"
            },
            {
              "name": "openSUSE-SU-2020:0850",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00044.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed",
              "refsource": "CONFIRM",
              "url": "https://github.com/perl/perl5/commit/897d1f7fd515b828e4b198d8b8bef76c6faf03ed"
            },
            {
              "name": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3",
              "refsource": "CONFIRM",
              "url": "https://github.com/Perl/perl5/compare/v5.30.2...v5.30.3"
            },
            {
              "name": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod",
              "refsource": "CONFIRM",
              "url": "https://github.com/Perl/perl5/blob/blead/pod/perl5303delta.pod"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200611-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200611-0001/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10543",
    "datePublished": "2020-06-05T13:17:49",
    "dateReserved": "2020-03-13T00:00:00",
    "dateUpdated": "2024-08-04T11:06:09.544Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14060
Vulnerability from cvelistv5
Published
2020-06-14 20:46
Modified
2024-08-04 12:32
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill).
References
https://github.com/FasterXML/jackson-databind/issues/2688x_refsource_MISC
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200702-0003/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.684Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2688"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:07",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2688"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14060",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oadd.org.apache.xalan.lib.sql.JNDIConnectionPool (aka apache/drill)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2688",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2688"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200702-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14060",
    "datePublished": "2020-06-14T20:46:47",
    "dateReserved": "2020-06-14T00:00:00",
    "dateUpdated": "2024-08-04T12:32:14.684Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-14061
Vulnerability from cvelistv5
Published
2020-06-14 19:42
Modified
2024-08-04 12:32
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms).
References
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2698x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2020/07/msg00001.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200702-0003/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T12:32:14.691Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2698"
          },
          {
            "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:39:09",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2698"
        },
        {
          "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-14061",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.5 mishandles the interaction between serialization gadgets and typing, related to oracle.jms.AQjmsQueueConnectionFactory, oracle.jms.AQjmsXATopicConnectionFactory, oracle.jms.AQjmsTopicConnectionFactory, oracle.jms.AQjmsXAQueueConnectionFactory, and oracle.jms.AQjmsXAConnectionFactory (aka weblogic/oracle-aqjms)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2698",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2698"
            },
            {
              "name": "[debian-lts-announce] 20200701 [SECURITY] [DLA 2270-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/07/msg00001.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200702-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200702-0003/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-14061",
    "datePublished": "2020-06-14T19:42:39",
    "dateReserved": "2020-06-14T00:00:00",
    "dateUpdated": "2024-08-04T12:32:14.691Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-11619
Vulnerability from cvelistv5
Published
2020-04-07 22:14
Modified
2024-08-04 11:35
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop).
References
https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlmailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2680x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200511-0004/x_refsource_CONFIRM
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:35:13.200Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2680"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-20T14:42:04",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2680"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11619",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.springframework.aop.config.MethodLocatingFactoryBean (aka spring-aop)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2680",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2680"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200511-0004/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200511-0004/"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11619",
    "datePublished": "2020-04-07T22:14:09",
    "dateReserved": "2020-04-07T00:00:00",
    "dateUpdated": "2024-08-04T11:35:13.200Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10968
Vulnerability from cvelistv5
Published
2020-03-26 12:43
Modified
2024-08-04 11:21
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy).
References
https://lists.debian.org/debian-lts-announce/2020/04/msg00012.htmlmailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20200403-0002/x_refsource_CONFIRM
https://github.com/FasterXML/jackson-databind/issues/2662x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-10968",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:46.867668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:57:31.283Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.276Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:43",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10968",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.aoju.bus.proxy.provider.remoting.RmiProvider (aka bus-proxy)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200417 [SECURITY] [DLA 2179-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/04/msg00012.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2662",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2662"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10968",
    "datePublished": "2020-03-26T12:43:45",
    "dateReserved": "2020-03-26T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.276Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-37136
Vulnerability from cvelistv5
Published
2021-10-19 00:00
Modified
2024-08-04 01:16
Severity ?
Summary
The Bzip2 decompression decoder function doesn't allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack
References
https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv
https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3Emailing-list
https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3Emailing-list
https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3Emailing-list
https://www.oracle.com/security-alerts/cpujan2022.html
https://www.oracle.com/security-alerts/cpuapr2022.html
https://security.netapp.com/advisory/ntap-20220210-0012/
https://www.oracle.com/security-alerts/cpujul2022.html
https://lists.debian.org/debian-lts-announce/2023/01/msg00008.htmlmailing-list
https://www.debian.org/security/2023/dsa-5316vendor-advisory
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:16:02.944Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
          },
          {
            "name": "[tinkerpop-dev] 20211025 [jira] [Created] (TINKERPOP-2632) Netty 4.1.61 flagged with two high severity security violations",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211025 [GitHub] [druid] a2l007 commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211026 [GitHub] [druid] clintropolis merged pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "name": "[druid-commits] 20211026 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
            "tags": [
              "mailing-list",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
          },
          {
            "name": "DSA-5316",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2023/dsa-5316"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Netty",
          "vendor": "The Netty project",
          "versions": [
            {
              "lessThan": "4.1.68Final",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Bzip2 decompression decoder function doesn\u0027t allow setting size restrictions on the decompressed output data (which affects the allocation size used during decompression). All users of Bzip2Decoder are affected. The malicious input can trigger an OOME and so a DoS attack"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-400",
              "description": "CWE-400",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-01-12T00:00:00",
        "orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
        "shortName": "JFROG"
      },
      "references": [
        {
          "url": "https://github.com/netty/netty/security/advisories/GHSA-grg4-wf29-r9vv"
        },
        {
          "name": "[tinkerpop-dev] 20211025 [jira] [Created] (TINKERPOP-2632) Netty 4.1.61 flagged with two high severity security violations",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rfb2bf8597e53364ccab212fbcbb2a4e9f0a9e1429b1dc08023c6868e%40%3Cdev.tinkerpop.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson opened a new pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r75490c61c2cb7b6ae2c81238fd52ae13636c60435abcd732d41531a0%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211025 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r5406eaf3b07577d233b9f07cfc8f26e28369e6bab5edfcab41f28abb%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211025 [GitHub] [druid] a2l007 commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r5e05eba32476c580412f9fbdfc9b8782d5b40558018ac4ac07192a04%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211026 [GitHub] [druid] clintropolis merged pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/r06a145c9bd41a7344da242cef07977b24abe3349161ede948e30913d%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "name": "[druid-commits] 20211026 [GitHub] [druid] jihoonson commented on pull request #11844: Bump netty4 to 4.1.68; suppress CVE-2021-37136 and CVE-2021-37137 for netty3",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.apache.org/thread.html/rd262f59b1586a108e320e5c966feeafbb1b8cdc96965debc7cc10b16%40%3Ccommits.druid.apache.org%3E"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "url": "https://security.netapp.com/advisory/ntap-20220210-0012/"
        },
        {
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "[debian-lts-announce] 20230111 [SECURITY] [DLA 3268-1] netty security update",
          "tags": [
            "mailing-list"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2023/01/msg00008.html"
        },
        {
          "name": "DSA-5316",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2023/dsa-5316"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
    "assignerShortName": "JFROG",
    "cveId": "CVE-2021-37136",
    "datePublished": "2021-10-19T00:00:00",
    "dateReserved": "2021-07-20T00:00:00",
    "dateUpdated": "2024-08-04T01:16:02.944Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2019-14379
Vulnerability from cvelistv5
Published
2019-07-29 11:42
Modified
2024-08-05 00:19
Severity ?
Summary
SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution.
References
https://lists.debian.org/debian-lts-announce/2019/08/msg00011.htmlmailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:2743vendor-advisory, x_refsource_REDHAT
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/vendor-advisory, x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/vendor-advisory, x_refsource_FEDORA
https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:2858vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2937vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2935vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2936vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2938vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:2998vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHBA-2019:2824vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3044vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3045vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3050vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3046vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3149vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3200vendor-advisory, x_refsource_REDHAT
https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3Emailing-list, x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2019:3292vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3297vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2019:3901vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2020:0727vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2387x_refsource_MISC
https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2x_refsource_MISC
https://security.netapp.com/advisory/ntap-20190814-0001/x_refsource_CONFIRM
https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://support.apple.com/kb/HT213189x_refsource_CONFIRM
http://seclists.org/fulldisclosure/2022/Mar/23mailing-list, x_refsource_FULLDISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T00:19:40.551Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
          },
          {
            "name": "[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E"
          },
          {
            "name": "[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E"
          },
          {
            "name": "[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2743",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2743"
          },
          {
            "name": "FEDORA-2019-99ff6aa32c",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
          },
          {
            "name": "FEDORA-2019-ae6a703b8f",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
          },
          {
            "name": "FEDORA-2019-fb23eccc03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
          },
          {
            "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
          },
          {
            "name": "RHSA-2019:2858",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2858"
          },
          {
            "name": "RHSA-2019:2937",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2937"
          },
          {
            "name": "RHSA-2019:2935",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2935"
          },
          {
            "name": "RHSA-2019:2936",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2936"
          },
          {
            "name": "RHSA-2019:2938",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2938"
          },
          {
            "name": "RHSA-2019:2998",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2998"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "RHBA-2019:2824",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHBA-2019:2824"
          },
          {
            "name": "RHSA-2019:3044",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3044"
          },
          {
            "name": "RHSA-2019:3045",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3045"
          },
          {
            "name": "RHSA-2019:3050",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3050"
          },
          {
            "name": "RHSA-2019:3046",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3046"
          },
          {
            "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3149",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3149"
          },
          {
            "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
          },
          {
            "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3200",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3200"
          },
          {
            "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"
          },
          {
            "name": "RHSA-2019:3292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3292"
          },
          {
            "name": "RHSA-2019:3297",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3297"
          },
          {
            "name": "RHSA-2019:3901",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:3901"
          },
          {
            "name": "RHSA-2020:0727",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2020:0727"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2387"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
          },
          {
            "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT213189"
          },
          {
            "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-15T05:06:54",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
        },
        {
          "name": "[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f%40%3Ccommits.ambari.apache.org%3E"
        },
        {
          "name": "[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a%40%3Ccommits.ambari.apache.org%3E"
        },
        {
          "name": "[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb%40%3Ccommits.pulsar.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef%40%3Cdev.struts.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b%40%3Cdev.tomee.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2743",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2743"
        },
        {
          "name": "FEDORA-2019-99ff6aa32c",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
        },
        {
          "name": "FEDORA-2019-ae6a703b8f",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
        },
        {
          "name": "FEDORA-2019-fb23eccc03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
        },
        {
          "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69%40%3Ccommits.tinkerpop.apache.org%3E"
        },
        {
          "name": "RHSA-2019:2858",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2858"
        },
        {
          "name": "RHSA-2019:2937",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2937"
        },
        {
          "name": "RHSA-2019:2935",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2935"
        },
        {
          "name": "RHSA-2019:2936",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2936"
        },
        {
          "name": "RHSA-2019:2938",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2938"
        },
        {
          "name": "RHSA-2019:2998",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2998"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "RHBA-2019:2824",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHBA-2019:2824"
        },
        {
          "name": "RHSA-2019:3044",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3044"
        },
        {
          "name": "RHSA-2019:3045",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3045"
        },
        {
          "name": "RHSA-2019:3050",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3050"
        },
        {
          "name": "RHSA-2019:3046",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3046"
        },
        {
          "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3149",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3149"
        },
        {
          "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f%40%3Cdev.drill.apache.org%3E"
        },
        {
          "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc%40%3Cissues.drill.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3200",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3200"
        },
        {
          "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6%40%3Cissues.iceberg.apache.org%3E"
        },
        {
          "name": "RHSA-2019:3292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3292"
        },
        {
          "name": "RHSA-2019:3297",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3297"
        },
        {
          "name": "RHSA-2019:3901",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:3901"
        },
        {
          "name": "RHSA-2020:0727",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2020:0727"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2387"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
        },
        {
          "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0%40%3Cissues.bookkeeper.apache.org%3E"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT213189"
        },
        {
          "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-14379",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SubTypeValidator.java in FasterXML jackson-databind before 2.9.9.2 mishandles default typing when ehcache is used (because of net.sf.ehcache.transaction.manager.DefaultTransactionManagerLookup), leading to remote code execution."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20190812 [SECURITY] [DLA 1879-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2019/08/msg00011.html"
            },
            {
              "name": "[ambari-commits] 20190813 [ambari] branch branch-2.7 updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379 (#3066)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/e25e734c315f70d8876a846926cfe3bfa1a4888044f146e844caf72f@%3Ccommits.ambari.apache.org%3E"
            },
            {
              "name": "[ambari-commits] 20190813 [ambari] branch trunk updated: AMBARI-25352 : Upgrade fasterxml jackson dependency due to CVE-2019-14379(trunk) (#3067)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f17f63b0f8a57e4a5759e01d25cffc0548f0b61ff5c6bfd704ad2f2a@%3Ccommits.ambari.apache.org%3E"
            },
            {
              "name": "[pulsar-commits] 20190822 [GitHub] [pulsar] massakam opened a new pull request #5011: [security] Upgrade jackson-databind",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/525bcf949a4b0da87a375cbad2680b8beccde749522f24c49befe7fb@%3Ccommits.pulsar.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0d4b630d9ee724aee50703397d9d1afa2b2befc9395ba7797d0ccea9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] asf-ci commented on issue #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/56c8042873595b8c863054c7bfccab4bf2c01c6f5abedae249d914b9@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2d2a76440becb610b9a9cb49b15eac3934b02c2dbcaacde1000353e4@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] rzo1 opened a new pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/34717424b4d08b74f65c09a083d6dd1cb0763f37a15d6de135998c1d@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190905 [GitHub] [tomee] robert-schaft-hon commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ee0a051428d2c719acfa297d0854a189ea5e284ef3ed491fa672f4be@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190906 [GitHub] [tomee] rzo1 commented on issue #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5ecc333113b139429f4f05000d4aa2886974d4df3269c1dd990bb319@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[struts-dev] 20190908 Build failed in Jenkins: Struts-master-JDK8-dependency-check #204",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/940b4c3fef002461b89a050935337056d4a036a65ef68e0bbd4621ef@%3Cdev.struts.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #549: [TOMEE-2655] [7.1.x] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/5fc0e16b7af2590bf1e97c76c136291c4fdb244ee63c65c485c9a7a1@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-dev] 20190909 [GitHub] [tomee] jgallimore merged pull request #548: [TOMEE-2655] Updates jackson-databind to 2.9.9.3 to mitigate CVE-2019-12384, CVE-2019-12814, CVE-2019-14379 and CVE-2019-14439",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/87e46591de8925f719664a845572d184027258c5a7af0a471b53c77b@%3Cdev.tomee.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2743",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2743"
            },
            {
              "name": "FEDORA-2019-99ff6aa32c",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UKUALE2TUCKEKOHE2D342PQXN4MWCSLC/"
            },
            {
              "name": "FEDORA-2019-ae6a703b8f",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OVRZDN2T6AZ6DJCZJ3VSIQIVHBVMVWBL/"
            },
            {
              "name": "FEDORA-2019-fb23eccc03",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TXRVXNRFHJSQWFHPRJQRI5UPMZ63B544/"
            },
            {
              "name": "[tinkerpop-commits] 20190924 [GitHub] [tinkerpop] justinchuch opened a new pull request #1200: Upgrade jackson due to CVE issues",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/0fcef7321095ce0bc597d468d150cff3d647f4cb3aef3bd4d20e1c69@%3Ccommits.tinkerpop.apache.org%3E"
            },
            {
              "name": "RHSA-2019:2858",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2858"
            },
            {
              "name": "RHSA-2019:2937",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2937"
            },
            {
              "name": "RHSA-2019:2935",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2935"
            },
            {
              "name": "RHSA-2019:2936",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2936"
            },
            {
              "name": "RHSA-2019:2938",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2938"
            },
            {
              "name": "RHSA-2019:2998",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2998"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue opened a new pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/859815b2e9f1575acbb2b260b73861c16ca49bca627fa0c46419051f@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah opened a new pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/689c6bcc6c7612eee71e453a115a4c8581e7b718537025d4b265783d@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/2766188be238a446a250ef76801037d452979152d85bce5e46805815@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] mccheah commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/75f482fdc84abe6d0c8f438a76437c335a7bbeb5cddd4d70b4bc0cbf@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue closed pull request #533: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/99944f86abefde389da9b4040ea2327c6aa0b53a2ff9352bd4cfec17@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue merged pull request #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/8723b52c2544e6cb804bc8a36622c584acd1bd6c53f2b6034c9fea54@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "[iceberg-issues] 20191010 [GitHub] [incubator-iceberg] rdblue commented on issue #533: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/d161ff3d59c5a8213400dd6afb1cce1fac4f687c32d1e0c0bfbfaa2d@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "RHBA-2019:2824",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHBA-2019:2824"
            },
            {
              "name": "RHSA-2019:3044",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3044"
            },
            {
              "name": "RHSA-2019:3045",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3045"
            },
            {
              "name": "RHSA-2019:3050",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3050"
            },
            {
              "name": "RHSA-2019:3046",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3046"
            },
            {
              "name": "[drill-dev] 20191017 Dependencies used by Drill contain known vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/b0656d359c7d40ec9f39c8cc61bca66802ef9a2a12ee199f5b0c1442@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3149",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3149"
            },
            {
              "name": "[drill-dev] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/519eb0fd45642dcecd9ff74cb3e71c20a4753f7d82e2f07864b5108f@%3Cdev.drill.apache.org%3E"
            },
            {
              "name": "[drill-issues] 20191021 [jira] [Created] (DRILL-7416) Updates required to dependencies to resolve potential security vulnerabilities",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/f9bc3e55f4e28d1dcd1a69aae6d53e609a758e34d2869b4d798e13cc@%3Cissues.drill.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3200",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3200"
            },
            {
              "name": "[iceberg-issues] 20191027 [GitHub] [incubator-iceberg] rdsr commented on issue #535: Update Jackson to 2.9.10 for CVE-2019-14379",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/6788e4c991f75b89d290ad06b463fcd30bcae99fee610345a35b7bc6@%3Cissues.iceberg.apache.org%3E"
            },
            {
              "name": "RHSA-2019:3292",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3292"
            },
            {
              "name": "RHSA-2019:3297",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3297"
            },
            {
              "name": "RHSA-2019:3901",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:3901"
            },
            {
              "name": "RHSA-2020:0727",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2020:0727"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2387",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2387"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/compare/jackson-databind-2.9.9.1...jackson-databind-2.9.9.2"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190814-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190814-0001/"
            },
            {
              "name": "[bookkeeper-issues] 20200729 [GitHub] [bookkeeper] padma81 opened a new issue #2387: Security vulnerabilities in the apache/bookkeeper-4.9.2 image",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r1b103833cb5bc8466e24ff0ecc5e75b45a705334ab6a444e64e840a0@%3Cissues.bookkeeper.apache.org%3E"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://support.apple.com/kb/HT213189",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT213189"
            },
            {
              "name": "20220314 APPLE-SA-2022-03-14-7 Xcode 13.3",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2022/Mar/23"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-14379",
    "datePublished": "2019-07-29T11:42:42",
    "dateReserved": "2019-07-29T00:00:00",
    "dateUpdated": "2024-08-05T00:19:40.551Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2017-5715
Vulnerability from cvelistv5
Published
2018-01-04 13:00
Modified
2024-09-17 03:28
Severity ?
Summary
Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis.
References
http://nvidia.custhelp.com/app/answers/detail/a_id/4609x_refsource_CONFIRM
https://usn.ubuntu.com/3560-1/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/07/msg00015.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2018/dsa-4187vendor-advisory, x_refsource_DEBIAN
https://usn.ubuntu.com/3542-2/vendor-advisory, x_refsource_UBUNTU
https://security.gentoo.org/glsa/201810-06vendor-advisory, x_refsource_GENTOO
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.htmlx_refsource_CONFIRM
https://usn.ubuntu.com/3540-2/vendor-advisory, x_refsource_UBUNTU
https://access.redhat.com/security/vulnerabilities/speculativeexecutionx_refsource_CONFIRM
https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2018/09/msg00007.htmlmailing-list, x_refsource_MLIST
https://usn.ubuntu.com/3597-1/vendor-advisory, x_refsource_UBUNTU
https://lists.debian.org/debian-lts-announce/2018/07/msg00016.htmlmailing-list, x_refsource_MLIST
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.htmlvendor-advisory, x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.htmlvendor-advisory, x_refsource_SUSE
http://nvidia.custhelp.com/app/answers/detail/a_id/4611x_refsource_CONFIRM
https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.htmlx_refsource_MISC
https://www.debian.org/security/2018/dsa-4213vendor-advisory, x_refsource_DEBIAN
https://cert.vde.com/en-us/advisories/vde-2018-002x_refsource_CONFIRM
https://www.debian.org/security/2018/dsa-4120vendor-advisory, x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.htmlvendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/3580-1/vendor-advisory, x_refsource_UBUNTU
https://support.f5.com/csp/article/K91229003x_refsource_CONFIRM
https://usn.ubuntu.com/3531-3/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/3620-2/vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.htmlvendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/3582-1/vendor-advisory, x_refsource_UBUNTU
https://www.debian.org/security/2018/dsa-4188vendor-advisory, x_refsource_DEBIAN
https://access.redhat.com/errata/RHSA-2018:0292vendor-advisory, x_refsource_REDHAT
http://xenbits.xen.org/xsa/advisory-254.htmlx_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20180104-0001/x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.htmlvendor-advisory, x_refsource_SUSE
https://www.synology.com/support/security/Synology_SA_18_01x_refsource_CONFIRM
http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.htmlx_refsource_MISC
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txtx_refsource_CONFIRM
http://www.securityfocus.com/bid/102376vdb-entry, x_refsource_BID
https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerabilityx_refsource_CONFIRM
https://usn.ubuntu.com/3594-1/vendor-advisory, x_refsource_UBUNTU
http://www.kb.cert.org/vuls/id/584653third-party-advisory, x_refsource_CERT-VN
https://www.kb.cert.org/vuls/id/180049third-party-advisory, x_refsource_CERT-VN
https://cert.vde.com/en-us/advisories/vde-2018-003x_refsource_CONFIRM
https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixesx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.htmlvendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/3690-1/vendor-advisory, x_refsource_UBUNTU
https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_usx_refsource_CONFIRM
https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001x_refsource_CONFIRM
https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03871en_usx_refsource_CONFIRM
https://www.vmware.com/us/security/advisories/VMSA-2018-0004.htmlx_refsource_CONFIRM
https://usn.ubuntu.com/3549-1/vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.htmlvendor-advisory, x_refsource_SUSE
https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/x_refsource_CONFIRM
https://support.citrix.com/article/CTX231399x_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://spectreattack.com/x_refsource_MISC
https://usn.ubuntu.com/3531-1/vendor-advisory, x_refsource_UBUNTU
https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.ascvendor-advisory, x_refsource_FREEBSD
https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.htmlvendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/3581-1/vendor-advisory, x_refsource_UBUNTU
https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/x_refsource_CONFIRM
http://www.securitytracker.com/id/1040071vdb-entry, x_refsource_SECTRACK
https://lists.debian.org/debian-lts-announce/2018/09/msg00017.htmlmailing-list, x_refsource_MLIST
https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088&languageid=en-frx_refsource_CONFIRM
https://usn.ubuntu.com/3597-2/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/3581-2/vendor-advisory, x_refsource_UBUNTU
http://nvidia.custhelp.com/app/answers/detail/a_id/4614x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.htmlvendor-advisory, x_refsource_SUSE
https://lists.debian.org/debian-lts-announce/2018/05/msg00000.htmlmailing-list, x_refsource_MLIST
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannelvendor-advisory, x_refsource_CISCO
https://usn.ubuntu.com/usn/usn-3516-1/vendor-advisory, x_refsource_UBUNTU
https://www.vmware.com/us/security/advisories/VMSA-2018-0002.htmlx_refsource_CONFIRM
https://www.exploit-db.com/exploits/43427/exploit, x_refsource_EXPLOIT-DB
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.htmlvendor-advisory, x_refsource_SUSE
https://usn.ubuntu.com/3541-2/vendor-advisory, x_refsource_UBUNTU
https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.htmlx_refsource_MISC
https://support.lenovo.com/us/en/solutions/LEN-18282x_refsource_CONFIRM
https://usn.ubuntu.com/3777-3/vendor-advisory, x_refsource_UBUNTU
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.htmlvendor-advisory, x_refsource_SUSE
https://www.vmware.com/security/advisories/VMSA-2018-0007.htmlx_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.htmlvendor-advisory, x_refsource_SUSE
http://nvidia.custhelp.com/app/answers/detail/a_id/4613x_refsource_CONFIRM
https://usn.ubuntu.com/3561-1/vendor-advisory, x_refsource_UBUNTU
https://usn.ubuntu.com/3582-2/vendor-advisory, x_refsource_UBUNTU
https://seclists.org/bugtraq/2019/Jun/36mailing-list, x_refsource_BUGTRAQ
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txtx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdfx_refsource_CONFIRM
https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.ascvendor-advisory, x_refsource_FREEBSD
https://seclists.org/bugtraq/2019/Nov/16mailing-list, x_refsource_BUGTRAQ
http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.htmlx_refsource_MISC
https://security.paloaltonetworks.com/CVE-2017-5715x_refsource_CONFIRM
https://lists.debian.org/debian-lts-announce/2020/03/msg00025.htmlmailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/08/msg00019.htmlmailing-list, x_refsource_MLIST
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T15:11:48.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
          },
          {
            "name": "USN-3560-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3560-1/"
          },
          {
            "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
          },
          {
            "name": "DSA-4187",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4187"
          },
          {
            "name": "USN-3542-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3542-2/"
          },
          {
            "name": "GLSA-201810-06",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201810-06"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "USN-3540-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3540-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
          },
          {
            "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
          },
          {
            "name": "USN-3597-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3597-1/"
          },
          {
            "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
          },
          {
            "name": "SUSE-SU-2018:0012",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
          },
          {
            "name": "SUSE-SU-2018:0011",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
          },
          {
            "name": "DSA-4213",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4213"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
          },
          {
            "name": "DSA-4120",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4120"
          },
          {
            "name": "openSUSE-SU-2018:0013",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
          },
          {
            "name": "USN-3580-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3580-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.f5.com/csp/article/K91229003"
          },
          {
            "name": "USN-3531-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3531-3/"
          },
          {
            "name": "USN-3620-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3620-2/"
          },
          {
            "name": "openSUSE-SU-2018:0022",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
          },
          {
            "name": "USN-3582-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3582-1/"
          },
          {
            "name": "DSA-4188",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2018/dsa-4188"
          },
          {
            "name": "RHSA-2018:0292",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:0292"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-254.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
          },
          {
            "name": "SUSE-SU-2018:0019",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.synology.com/support/security/Synology_SA_18_01"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
          },
          {
            "name": "102376",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/102376"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
          },
          {
            "name": "USN-3594-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3594-1/"
          },
          {
            "name": "VU#584653",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "http://www.kb.cert.org/vuls/id/584653"
          },
          {
            "name": "VU#180049",
            "tags": [
              "third-party-advisory",
              "x_refsource_CERT-VN",
              "x_transferred"
            ],
            "url": "https://www.kb.cert.org/vuls/id/180049"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
          },
          {
            "name": "SUSE-SU-2018:0009",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
          },
          {
            "name": "USN-3690-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3690-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
          },
          {
            "name": "USN-3549-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3549-1/"
          },
          {
            "name": "SUSE-SU-2018:0007",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.citrix.com/article/CTX231399"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://spectreattack.com/"
          },
          {
            "name": "USN-3531-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3531-1/"
          },
          {
            "name": "FreeBSD-SA-18:03",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
          },
          {
            "name": "SUSE-SU-2018:0006",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
          },
          {
            "name": "USN-3581-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3581-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
          },
          {
            "name": "1040071",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1040071"
          },
          {
            "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
          },
          {
            "name": "USN-3597-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3597-2/"
          },
          {
            "name": "USN-3581-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3581-2/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
          },
          {
            "name": "SUSE-SU-2018:0010",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
          },
          {
            "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
          },
          {
            "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
            "tags": [
              "vendor-advisory",
              "x_refsource_CISCO",
              "x_transferred"
            ],
            "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
          },
          {
            "name": "USN-3516-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
          },
          {
            "name": "43427",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/43427/"
          },
          {
            "name": "SUSE-SU-2018:0020",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
          },
          {
            "name": "USN-3541-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3541-2/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
          },
          {
            "name": "USN-3777-3",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3777-3/"
          },
          {
            "name": "openSUSE-SU-2018:0023",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
          },
          {
            "name": "SUSE-SU-2018:0008",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
          },
          {
            "name": "USN-3561-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3561-1/"
          },
          {
            "name": "USN-3582-2",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "https://usn.ubuntu.com/3582-2/"
          },
          {
            "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Jun/36"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
          },
          {
            "name": "FreeBSD-SA-19:26",
            "tags": [
              "vendor-advisory",
              "x_refsource_FREEBSD",
              "x_transferred"
            ],
            "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
          },
          {
            "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "https://seclists.org/bugtraq/2019/Nov/16"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.paloaltonetworks.com/CVE-2017-5715"
          },
          {
            "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
          },
          {
            "name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Microprocessors with Speculative Execution",
          "vendor": "Intel Corporation",
          "versions": [
            {
              "status": "affected",
              "version": "All"
            }
          ]
        }
      ],
      "datePublic": "2018-01-03T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-08-16T08:06:27",
        "orgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
        "shortName": "intel"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
        },
        {
          "name": "USN-3560-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3560-1/"
        },
        {
          "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
        },
        {
          "name": "DSA-4187",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4187"
        },
        {
          "name": "USN-3542-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3542-2/"
        },
        {
          "name": "GLSA-201810-06",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201810-06"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
        },
        {
          "name": "USN-3540-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3540-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
        },
        {
          "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
        },
        {
          "name": "USN-3597-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3597-1/"
        },
        {
          "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
        },
        {
          "name": "SUSE-SU-2018:0012",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
        },
        {
          "name": "SUSE-SU-2018:0011",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
        },
        {
          "name": "DSA-4213",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4213"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
        },
        {
          "name": "DSA-4120",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4120"
        },
        {
          "name": "openSUSE-SU-2018:0013",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
        },
        {
          "name": "USN-3580-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3580-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.f5.com/csp/article/K91229003"
        },
        {
          "name": "USN-3531-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3531-3/"
        },
        {
          "name": "USN-3620-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3620-2/"
        },
        {
          "name": "openSUSE-SU-2018:0022",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
        },
        {
          "name": "USN-3582-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3582-1/"
        },
        {
          "name": "DSA-4188",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2018/dsa-4188"
        },
        {
          "name": "RHSA-2018:0292",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:0292"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-254.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
        },
        {
          "name": "SUSE-SU-2018:0019",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.synology.com/support/security/Synology_SA_18_01"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
        },
        {
          "name": "102376",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/102376"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
        },
        {
          "name": "USN-3594-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3594-1/"
        },
        {
          "name": "VU#584653",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "http://www.kb.cert.org/vuls/id/584653"
        },
        {
          "name": "VU#180049",
          "tags": [
            "third-party-advisory",
            "x_refsource_CERT-VN"
          ],
          "url": "https://www.kb.cert.org/vuls/id/180049"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
        },
        {
          "name": "SUSE-SU-2018:0009",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
        },
        {
          "name": "USN-3690-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3690-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
        },
        {
          "name": "USN-3549-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3549-1/"
        },
        {
          "name": "SUSE-SU-2018:0007",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.citrix.com/article/CTX231399"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://spectreattack.com/"
        },
        {
          "name": "USN-3531-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3531-1/"
        },
        {
          "name": "FreeBSD-SA-18:03",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
        },
        {
          "name": "SUSE-SU-2018:0006",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
        },
        {
          "name": "USN-3581-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3581-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
        },
        {
          "name": "1040071",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1040071"
        },
        {
          "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
        },
        {
          "name": "USN-3597-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3597-2/"
        },
        {
          "name": "USN-3581-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3581-2/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
        },
        {
          "name": "SUSE-SU-2018:0010",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
        },
        {
          "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
        },
        {
          "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
          "tags": [
            "vendor-advisory",
            "x_refsource_CISCO"
          ],
          "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
        },
        {
          "name": "USN-3516-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
        },
        {
          "name": "43427",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/43427/"
        },
        {
          "name": "SUSE-SU-2018:0020",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
        },
        {
          "name": "USN-3541-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3541-2/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
        },
        {
          "name": "USN-3777-3",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3777-3/"
        },
        {
          "name": "openSUSE-SU-2018:0023",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
        },
        {
          "name": "SUSE-SU-2018:0008",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
        },
        {
          "name": "USN-3561-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3561-1/"
        },
        {
          "name": "USN-3582-2",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "https://usn.ubuntu.com/3582-2/"
        },
        {
          "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Jun/36"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
        },
        {
          "name": "FreeBSD-SA-19:26",
          "tags": [
            "vendor-advisory",
            "x_refsource_FREEBSD"
          ],
          "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
        },
        {
          "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "https://seclists.org/bugtraq/2019/Nov/16"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.paloaltonetworks.com/CVE-2017-5715"
        },
        {
          "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
        },
        {
          "name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@intel.com",
          "DATE_PUBLIC": "2018-01-03T00:00:00",
          "ID": "CVE-2017-5715",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Microprocessors with Speculative Execution",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "All"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Intel Corporation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Systems with microprocessors utilizing speculative execution and indirect branch prediction may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4609"
            },
            {
              "name": "USN-3560-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3560-1/"
            },
            {
              "name": "[debian-lts-announce] 20180714 [SECURITY] [DLA 1422-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00015.html"
            },
            {
              "name": "DSA-4187",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4187"
            },
            {
              "name": "USN-3542-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3542-2/"
            },
            {
              "name": "GLSA-201810-06",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201810-06"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "USN-3540-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3540-2/"
            },
            {
              "name": "https://access.redhat.com/security/vulnerabilities/speculativeexecution",
              "refsource": "CONFIRM",
              "url": "https://access.redhat.com/security/vulnerabilities/speculativeexecution"
            },
            {
              "name": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002",
              "refsource": "CONFIRM",
              "url": "https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/ADV180002"
            },
            {
              "name": "[debian-lts-announce] 20180906 [SECURITY] [DLA 1497-1] qemu security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00007.html"
            },
            {
              "name": "USN-3597-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3597-1/"
            },
            {
              "name": "[debian-lts-announce] 20180715 [SECURITY] [DLA 1422-2] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/07/msg00016.html"
            },
            {
              "name": "SUSE-SU-2018:0012",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00008.html"
            },
            {
              "name": "SUSE-SU-2018:0011",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00007.html"
            },
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4611"
            },
            {
              "name": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html",
              "refsource": "MISC",
              "url": "https://security.googleblog.com/2018/01/todays-cpu-vulnerability-what-you-need.html"
            },
            {
              "name": "DSA-4213",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4213"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2018-002",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2018-002"
            },
            {
              "name": "DSA-4120",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4120"
            },
            {
              "name": "openSUSE-SU-2018:0013",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00009.html"
            },
            {
              "name": "USN-3580-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3580-1/"
            },
            {
              "name": "https://support.f5.com/csp/article/K91229003",
              "refsource": "CONFIRM",
              "url": "https://support.f5.com/csp/article/K91229003"
            },
            {
              "name": "USN-3531-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3531-3/"
            },
            {
              "name": "USN-3620-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3620-2/"
            },
            {
              "name": "openSUSE-SU-2018:0022",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00014.html"
            },
            {
              "name": "USN-3582-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3582-1/"
            },
            {
              "name": "DSA-4188",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2018/dsa-4188"
            },
            {
              "name": "RHSA-2018:0292",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:0292"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-254.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-254.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180104-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20180104-0001/"
            },
            {
              "name": "SUSE-SU-2018:0019",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00012.html"
            },
            {
              "name": "https://www.synology.com/support/security/Synology_SA_18_01",
              "refsource": "CONFIRM",
              "url": "https://www.synology.com/support/security/Synology_SA_18_01"
            },
            {
              "name": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/145645/Spectre-Information-Disclosure-Proof-Of-Concept.html"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2018-001.txt"
            },
            {
              "name": "102376",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/102376"
            },
            {
              "name": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability",
              "refsource": "CONFIRM",
              "url": "https://developer.arm.com/support/arm-security-updates/speculative-processor-vulnerability"
            },
            {
              "name": "USN-3594-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3594-1/"
            },
            {
              "name": "VU#584653",
              "refsource": "CERT-VN",
              "url": "http://www.kb.cert.org/vuls/id/584653"
            },
            {
              "name": "VU#180049",
              "refsource": "CERT-VN",
              "url": "https://www.kb.cert.org/vuls/id/180049"
            },
            {
              "name": "https://cert.vde.com/en-us/advisories/vde-2018-003",
              "refsource": "CONFIRM",
              "url": "https://cert.vde.com/en-us/advisories/vde-2018-003"
            },
            {
              "name": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes",
              "refsource": "CONFIRM",
              "url": "https://help.ecostruxureit.com/display/public/UADCO8x/StruxureWare+Data+Center+Operation+Software+Vulnerability+Fixes"
            },
            {
              "name": "SUSE-SU-2018:0009",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00005.html"
            },
            {
              "name": "USN-3690-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3690-1/"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docId=emr_na-hpesbhf03805en_us"
            },
            {
              "name": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001",
              "refsource": "CONFIRM",
              "url": "https://www.mitel.com/en-ca/support/security-advisories/mitel-product-security-advisory-18-0001"
            },
            {
              "name": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us",
              "refsource": "CONFIRM",
              "url": "https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US\u0026docId=emr_na-hpesbhf03871en_us"
            },
            {
              "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0004.html"
            },
            {
              "name": "USN-3549-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3549-1/"
            },
            {
              "name": "SUSE-SU-2018:0007",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00003.html"
            },
            {
              "name": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/",
              "refsource": "CONFIRM",
              "url": "https://www.suse.com/c/suse-addresses-meltdown-spectre-vulnerabilities/"
            },
            {
              "name": "https://support.citrix.com/article/CTX231399",
              "refsource": "CONFIRM",
              "url": "https://support.citrix.com/article/CTX231399"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://spectreattack.com/",
              "refsource": "MISC",
              "url": "https://spectreattack.com/"
            },
            {
              "name": "USN-3531-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3531-1/"
            },
            {
              "name": "FreeBSD-SA-18:03",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-18:03.speculative_execution.asc"
            },
            {
              "name": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/",
              "refsource": "CONFIRM",
              "url": "https://aws.amazon.com/de/security/security-bulletins/AWS-2018-013/"
            },
            {
              "name": "SUSE-SU-2018:0006",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00002.html"
            },
            {
              "name": "USN-3581-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3581-1/"
            },
            {
              "name": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/",
              "refsource": "CONFIRM",
              "url": "https://blog.mozilla.org/security/2018/01/03/mitigations-landing-new-class-timing-attack/"
            },
            {
              "name": "1040071",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1040071"
            },
            {
              "name": "[debian-lts-announce] 20180916 [SECURITY] [DLA 1506-1] intel-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00017.html"
            },
            {
              "name": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr",
              "refsource": "CONFIRM",
              "url": "https://security-center.intel.com/advisory.aspx?intelid=INTEL-SA-00088\u0026languageid=en-fr"
            },
            {
              "name": "USN-3597-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3597-2/"
            },
            {
              "name": "USN-3581-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3581-2/"
            },
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4614"
            },
            {
              "name": "SUSE-SU-2018:0010",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00006.html"
            },
            {
              "name": "[debian-lts-announce] 20180502 [SECURITY] [DLA 1369-1] linux security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00000.html"
            },
            {
              "name": "20180104 CPU Side-Channel Information Disclosure Vulnerabilities",
              "refsource": "CISCO",
              "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180104-cpusidechannel"
            },
            {
              "name": "USN-3516-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/usn/usn-3516-1/"
            },
            {
              "name": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/us/security/advisories/VMSA-2018-0002.html"
            },
            {
              "name": "43427",
              "refsource": "EXPLOIT-DB",
              "url": "https://www.exploit-db.com/exploits/43427/"
            },
            {
              "name": "SUSE-SU-2018:0020",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00013.html"
            },
            {
              "name": "USN-3541-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3541-2/"
            },
            {
              "name": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html",
              "refsource": "MISC",
              "url": "https://googleprojectzero.blogspot.com/2018/01/reading-privileged-memory-with-side.html"
            },
            {
              "name": "https://support.lenovo.com/us/en/solutions/LEN-18282",
              "refsource": "CONFIRM",
              "url": "https://support.lenovo.com/us/en/solutions/LEN-18282"
            },
            {
              "name": "USN-3777-3",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3777-3/"
            },
            {
              "name": "openSUSE-SU-2018:0023",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00016.html"
            },
            {
              "name": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html",
              "refsource": "CONFIRM",
              "url": "https://www.vmware.com/security/advisories/VMSA-2018-0007.html"
            },
            {
              "name": "SUSE-SU-2018:0008",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2018-01/msg00004.html"
            },
            {
              "name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613",
              "refsource": "CONFIRM",
              "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4613"
            },
            {
              "name": "USN-3561-1",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3561-1/"
            },
            {
              "name": "USN-3582-2",
              "refsource": "UBUNTU",
              "url": "https://usn.ubuntu.com/3582-2/"
            },
            {
              "name": "20190624 [SECURITY] [DSA 4469-1] libvirt security update",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Jun/36"
            },
            {
              "name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt",
              "refsource": "CONFIRM",
              "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2019-003.txt"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf",
              "refsource": "CONFIRM",
              "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-608355.pdf"
            },
            {
              "name": "FreeBSD-SA-19:26",
              "refsource": "FREEBSD",
              "url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-19:26.mcu.asc"
            },
            {
              "name": "20191112 FreeBSD Security Advisory FreeBSD-SA-19:26.mcu",
              "refsource": "BUGTRAQ",
              "url": "https://seclists.org/bugtraq/2019/Nov/16"
            },
            {
              "name": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html",
              "refsource": "MISC",
              "url": "http://packetstormsecurity.com/files/155281/FreeBSD-Security-Advisory-FreeBSD-SA-19-26.mcu.html"
            },
            {
              "name": "https://security.paloaltonetworks.com/CVE-2017-5715",
              "refsource": "CONFIRM",
              "url": "https://security.paloaltonetworks.com/CVE-2017-5715"
            },
            {
              "name": "[debian-lts-announce] 20200320 [SECURITY] [DLA 2148-1] amd64-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00025.html"
            },
            {
              "name": "[debian-lts-announce] 20210816 [SECURITY] [DLA 2743-1] amd64-microcode security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00019.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "6dda929c-bb53-4a77-a76d-48e79601a1ce",
    "assignerShortName": "intel",
    "cveId": "CVE-2017-5715",
    "datePublished": "2018-01-04T13:00:00Z",
    "dateReserved": "2017-02-01T00:00:00",
    "dateUpdated": "2024-09-17T03:28:57.728Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-21702
Vulnerability from cvelistv5
Published
2021-02-15 04:10
Modified
2024-09-16 17:34
Severity ?
5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Summary
In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash.
References
https://bugs.php.net/bug.php?id=80672x_refsource_MISC
https://www.debian.org/security/2021/dsa-4856vendor-advisory, x_refsource_DEBIAN
https://security.gentoo.org/glsa/202105-23vendor-advisory, x_refsource_GENTOO
https://lists.debian.org/debian-lts-announce/2021/07/msg00008.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.tenable.com/security/tns-2021-14x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20210312-0005/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:23:29.386Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.php.net/bug.php?id=80672"
          },
          {
            "name": "DSA-4856",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4856"
          },
          {
            "name": "GLSA-202105-23",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202105-23"
          },
          {
            "name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.tenable.com/security/tns-2021-14"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "PHP",
          "vendor": "PHP Group",
          "versions": [
            {
              "lessThan": "7.3.27",
              "status": "affected",
              "version": "7.3.x",
              "versionType": "custom"
            },
            {
              "lessThan": "7.4.15",
              "status": "affected",
              "version": "7.4.x",
              "versionType": "custom"
            },
            {
              "lessThan": "8.0.2",
              "status": "affected",
              "version": "8.0.X",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Reported by jgalindo at datto dot com"
        }
      ],
      "datePublic": "2021-02-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:40:53",
        "orgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
        "shortName": "php"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.php.net/bug.php?id=80672"
        },
        {
          "name": "DSA-4856",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4856"
        },
        {
          "name": "GLSA-202105-23",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202105-23"
        },
        {
          "name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.tenable.com/security/tns-2021-14"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
        }
      ],
      "source": {
        "defect": [
          "https://bugs.php.net/bug.php?id=77423"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Null Dereference in SoapClient",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@php.net",
          "DATE_PUBLIC": "2021-02-01T14:00:00.000Z",
          "ID": "CVE-2021-21702",
          "STATE": "PUBLIC",
          "TITLE": "Null Dereference in SoapClient"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "PHP",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.3.x",
                            "version_value": "7.3.27"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "7.4.x",
                            "version_value": "7.4.15"
                          },
                          {
                            "version_affected": "\u003c",
                            "version_name": "8.0.X",
                            "version_value": "8.0.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "PHP Group"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Reported by jgalindo at datto dot com"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In PHP versions 7.3.x below 7.3.27, 7.4.x below 7.4.15 and 8.0.x below 8.0.2, when using SOAP extension to connect to a SOAP server, a malicious SOAP server could return malformed XML data as a response that would cause PHP to access a null pointer and thus cause a crash."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-476 NULL Pointer Dereference"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.php.net/bug.php?id=80672",
              "refsource": "MISC",
              "url": "https://bugs.php.net/bug.php?id=80672"
            },
            {
              "name": "DSA-4856",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4856"
            },
            {
              "name": "GLSA-202105-23",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202105-23"
            },
            {
              "name": "[debian-lts-announce] 20210715 [SECURITY] [DLA 2708-1] php7.0 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00008.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.tenable.com/security/tns-2021-14",
              "refsource": "CONFIRM",
              "url": "https://www.tenable.com/security/tns-2021-14"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210312-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210312-0005/"
            }
          ]
        },
        "source": {
          "defect": [
            "https://bugs.php.net/bug.php?id=77423"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "dd77f84a-d19a-4638-8c3d-a322d820ed2b",
    "assignerShortName": "php",
    "cveId": "CVE-2021-21702",
    "datePublished": "2021-02-15T04:10:16.837039Z",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-09-16T17:34:26.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-21783
Vulnerability from cvelistv5
Published
2021-03-25 16:01
Modified
2024-08-03 18:23
Severity ?
9.8 (Critical) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability.
References
https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T18:23:29.363Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Genivia",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Genivia gSOAP 2.8.109, Genivia gSOAP 2.8.110"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-680",
              "description": "CWE-680: Integer Overflow to Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-07T14:41:27",
        "orgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
        "shortName": "talos"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "talos-cna@cisco.com",
          "ID": "CVE-2021-21783",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Genivia",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Genivia gSOAP 2.8.109, Genivia gSOAP 2.8.110"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A code execution vulnerability exists in the WS-Addressing plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to remote code execution. An attacker can send an HTTP request to trigger this vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": 9.8,
            "baseSeverity": "Critical",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-680: Integer Overflow to Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245",
              "refsource": "MISC",
              "url": "https://talosintelligence.com/vulnerability_reports/TALOS-2021-1245"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b",
    "assignerShortName": "talos",
    "cveId": "CVE-2021-21783",
    "datePublished": "2021-03-25T16:01:12",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-03T18:23:29.363Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1258
Vulnerability from cvelistv5
Published
2018-05-11 20:00
Modified
2024-09-17 02:56
Severity ?
Summary
Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted.
References
http://www.securityfocus.com/bid/104222vdb-entry, x_refsource_BID
http://www.securitytracker.com/id/1041888vdb-entry, x_refsource_SECTRACK
http://www.securitytracker.com/id/1041896vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2019:2413vendor-advisory, x_refsource_REDHAT
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20181018-0002/x_refsource_CONFIRM
https://pivotal.io/security/cve-2018-1258x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:49.125Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "104222",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/104222"
          },
          {
            "name": "1041888",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041888"
          },
          {
            "name": "1041896",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041896"
          },
          {
            "name": "RHSA-2019:2413",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2019:2413"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1258"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "5.0.5"
            }
          ]
        }
      ],
      "datePublic": "2018-05-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Authorization Bypass",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:01",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "104222",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/104222"
        },
        {
          "name": "1041888",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041888"
        },
        {
          "name": "1041896",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041896"
        },
        {
          "name": "RHSA-2019:2413",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2019:2413"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1258"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-05-09T00:00:00",
          "ID": "CVE-2018-1258",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "affected": "=",
                            "version_affected": "=",
                            "version_value": "5.0.5"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework version 5.0.5 when used in combination with any versions of Spring Security contains an authorization bypass when using method security. An unauthorized malicious user can gain unauthorized access to methods that should be restricted."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Authorization Bypass"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "104222",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/104222"
            },
            {
              "name": "1041888",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041888"
            },
            {
              "name": "1041896",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041896"
            },
            {
              "name": "RHSA-2019:2413",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2019:2413"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20181018-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20181018-0002/"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1258",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1258"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1258",
    "datePublished": "2018-05-11T20:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-17T02:56:37.459Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-33037
Vulnerability from cvelistv5
Published
2021-07-12 14:55
Modified
2024-08-03 23:42
Severity ?
Summary
Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding.
References
https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3Ex_refsource_MISC
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.debian.org/debian-lts-announce/2021/08/msg00009.htmlmailing-list, x_refsource_MLIST
https://www.debian.org/security/2021/dsa-4952vendor-advisory, x_refsource_DEBIAN
https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3Ccommits.tomee.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20210827-0007/x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10366x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://security.gentoo.org/glsa/202208-34vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:42:19.203Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "name": "[tomee-commits] 20210728 [jira] [Created] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20210728 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210805 [SECURITY] [DLA 2733-1] tomcat8 security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
          },
          {
            "name": "DSA-4952",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4952"
          },
          {
            "name": "[tomee-commits] 20210830 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20210913 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20210914 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "name": "[tomee-commits] 20210916 [jira] [Resolved] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3Ccommits.tomee.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "name": "GLSA-202208-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 10 10.0.0-M1 to 10.0.6"
            },
            {
              "status": "affected",
              "version": "Apache Tomcat 9 9.0.0.M1 to 9.0.46"
            },
            {
              "status": "affected",
              "version": "Apache Tomcat 8 8.5.0 to 8.5.66"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "The Apache Tomcat Security Team would like to thank Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab for identifying and reporting this issue."
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-444",
              "description": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-21T04:07:16",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "name": "[tomee-commits] 20210728 [jira] [Created] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20210728 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[debian-lts-announce] 20210805 [SECURITY] [DLA 2733-1] tomcat8 security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
        },
        {
          "name": "DSA-4952",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4952"
        },
        {
          "name": "[tomee-commits] 20210830 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20210913 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20210914 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "name": "[tomee-commits] 20210916 [jira] [Resolved] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37%40%3Ccommits.tomee.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "GLSA-202208-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-34"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect Transfer-Encoding handling with HTTP/1.0",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-33037",
          "STATE": "PUBLIC",
          "TITLE": "Incorrect Transfer-Encoding handling with HTTP/1.0"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 10",
                            "version_value": "10.0.0-M1 to 10.0.6"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 9",
                            "version_value": "9.0.0.M1 to 9.0.46"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 8",
                            "version_value": "8.5.0 to 8.5.66"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "The Apache Tomcat Security Team would like to thank Bahruz Jabiyev, Steven Sprecher and Kaan Onarlioglu of NEU seclab for identifying and reporting this issue."
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstances leading to the possibility to request smuggling when used with a reverse proxy. Specifically: - Tomcat incorrectly ignored the transfer encoding header if the client declared it would only accept an HTTP/1.0 response; - Tomcat honoured the identify encoding; and - Tomcat did not ensure that, if present, the chunked encoding was the final encoding."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {}
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-444 Inconsistent Interpretation of HTTP Requests (\u0027HTTP Request Smuggling\u0027)"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r612a79269b0d5e5780c62dfd34286a8037232fec0bc6f1a7e60c9381%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "[tomee-commits] 20210728 [jira] [Created] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r40f921575aee8d7d34e53182f862c45cbb8f3d898c9d4e865c2ec262@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20210728 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/re01e7e93154e8bdf78a11a23f9686427bd3d51fc6e12c508645567b7@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[debian-lts-announce] 20210805 [SECURITY] [DLA 2733-1] tomcat8 security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/08/msg00009.html"
            },
            {
              "name": "DSA-4952",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4952"
            },
            {
              "name": "[tomee-commits] 20210830 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd0dfea39829bc0606c936a16f6fca338127c86c0a1083970b45ac8d2@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20210913 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r290aee55b72811fd19e75ac80f6143716c079170c5671b96932ed44b@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20210914 [jira] [Commented] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1b54fd3f52f998ca4829159a88cc4c23d6cef5c6447d00948e75c97@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "[tomee-commits] 20210916 [jira] [Resolved] (TOMEE-3778) Update embedded Tomcat to 9.0.48 or later to address CVE-2021-33037",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rc6ef52453bb996a98cb45442871a1db56b7c349939e45d829bf9ae37@%3Ccommits.tomee.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210827-0007/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210827-0007/"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10366"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "GLSA-202208-34",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-34"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-33037",
    "datePublished": "2021-07-12T14:55:15",
    "dateReserved": "2021-05-17T00:00:00",
    "dateUpdated": "2024-08-03T23:42:19.203Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1275
Vulnerability from cvelistv5
Published
2018-04-11 13:00
Modified
2024-09-17 02:43
Severity ?
Summary
Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework.
References
http://www.securitytracker.com/id/1041301vdb-entry, x_refsource_SECTRACK
https://access.redhat.com/errata/RHSA-2018:2939vendor-advisory, x_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1320vendor-advisory, x_refsource_REDHAT
http://www.securityfocus.com/bid/103771vdb-entry, x_refsource_BID
https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3Emailing-list, x_refsource_MLIST
http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.htmlx_refsource_CONFIRM
http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://pivotal.io/security/cve-2018-1275x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T03:51:48.962Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1041301",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1041301"
          },
          {
            "name": "RHSA-2018:2939",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:2939"
          },
          {
            "name": "RHSA-2018:1320",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "https://access.redhat.com/errata/RHSA-2018:1320"
          },
          {
            "name": "103771",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/103771"
          },
          {
            "name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-1275"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Spring by Pivotal",
          "versions": [
            {
              "status": "affected",
              "version": "Versions prior to 5.0.5 and 4.3.16"
            }
          ]
        }
      ],
      "datePublic": "2018-04-09T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94 - Code Injection",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:04",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "1041301",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1041301"
        },
        {
          "name": "RHSA-2018:2939",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:2939"
        },
        {
          "name": "RHSA-2018:1320",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "https://access.redhat.com/errata/RHSA-2018:1320"
        },
        {
          "name": "103771",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/103771"
        },
        {
          "name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369%40%3Cissues.activemq.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-1275"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-04-09T00:00:00",
          "ID": "CVE-2018-1275",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Versions prior to 5.0.5 and 4.3.16"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Spring by Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework, versions 5.0 prior to 5.0.5 and versions 4.3 prior to 4.3.16 and older unsupported versions, allow applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a remote code execution attack. This CVE addresses the partial fix for CVE-2018-1270 in the 4.3.x branch of the Spring Framework."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-94 - Code Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1041301",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1041301"
            },
            {
              "name": "RHSA-2018:2939",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:2939"
            },
            {
              "name": "RHSA-2018:1320",
              "refsource": "REDHAT",
              "url": "https://access.redhat.com/errata/RHSA-2018:1320"
            },
            {
              "name": "103771",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/103771"
            },
            {
              "name": "[activemq-issues] 20190703 [jira] [Created] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework)",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/4ed49b103f64a0cecb38064f26cbf1389afc12124653da2d35166dbe@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190703 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/ab825fcade0b49becfa30235b3d54f4a51bb74ea96b6c9adb5d1378c@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "[activemq-issues] 20190718 [jira] [Updated] (AMQ-7236) SEV-1 Security vulnerability in spring-expression-4.3.11.RELEASE.jar (spring framework) and xstream-1.4.10.jar",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/dcf8599b80e43a6b60482607adb76c64672772dc2d9209ae2170f369@%3Cissues.activemq.apache.org%3E"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-1275",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-1275"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-1275",
    "datePublished": "2018-04-11T13:00:00Z",
    "dateReserved": "2017-12-06T00:00:00",
    "dateUpdated": "2024-09-17T02:43:01.710Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-10672
Vulnerability from cvelistv5
Published
2020-03-18 21:17
Modified
2024-08-04 11:06
Severity ?
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms).
References
https://lists.debian.org/debian-lts-announce/2020/03/msg00027.htmlmailing-list, x_refsource_MLIST
https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2020.htmlx_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2659x_refsource_MISC
https://security.netapp.com/advisory/ntap-20200403-0002/x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "debian_linux",
            "vendor": "debian",
            "versions": [
              {
                "status": "affected",
                "version": "8.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:netapp:steelstore_cloud_integrated_storage:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "steelstore_cloud_integrated_storage",
            "vendor": "netapp",
            "versions": [
              {
                "status": "affected",
                "version": "*"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "agile_plm",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "9.3.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:autovue_for_agile_product_lifecycle_management:21.0.2:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "autovue_for_agile_product_lifecycle_management",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "21.0.2"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "banking_digital_experience",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "18.3",
                "status": "affected",
                "version": "18.1",
                "versionType": "custom"
              },
              {
                "lessThanOrEqual": "19.2",
                "status": "affected",
                "version": "19.1",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "20.1"
              },
              {
                "lessThanOrEqual": "2.9.0",
                "status": "affected",
                "version": "2.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_calendar_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.0.5.0",
                "status": "affected",
                "version": "8.0.0.4.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_diameter_signaling_router:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_diameter_signaling_router",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_element_manager:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_element_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_evolved_communications_application_server:7.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_evolved_communications_application_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "7.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_instant_messaging_server:10.0.1.4.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_instant_messaging_server",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "10.0.1.4.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "6.0.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_network_charging_and_control:12.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_network_charging_and_control",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.0.3",
                "status": "affected",
                "version": "12.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:communications_session_route_manager:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "communications_session_route_manager",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.2.2",
                "status": "affected",
                "version": "8.2.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "enterprise_manager_base_platform",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "13.4.0.0",
                "status": "affected",
                "version": "13.3.0.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_analytical_applications_infrastructure",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.1.0",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_institutional_performance_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_institutional_performance_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              },
              {
                "status": "affected",
                "version": "8.0.7"
              },
              {
                "status": "affected",
                "version": "8.1.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_price_creation_and_discovery:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_price_creation_and_discovery",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "8.0.7",
                "status": "affected",
                "version": "8.0.6",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:financial_services_retail_customer_analytics:8.0.6:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "financial_services_retail_customer_analytics",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "8.0.6"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:global_lifecycle_management_opatch:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "global_lifecycle_management_opatch",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.0.1.20",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "insurance_policy_administration_j2ee",
            "vendor": "oracle",
            "versions": [
              {
                "lessThan": "11.1.0.15",
                "status": "affected",
                "version": "11.0.2.25",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:jd_edwards_enterpriseone_orchestrator:-:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jd_edwards_enterpriseone_orchestrator",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "9.2.4.2",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "primavera_unifier",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "16.1"
              },
              {
                "status": "affected",
                "version": "16.2"
              },
              {
                "lessThanOrEqual": "17.12",
                "status": "affected",
                "version": "17.7",
                "versionType": "custom"
              },
              {
                "status": "affected",
                "version": "18.8"
              },
              {
                "status": "affected",
                "version": "19.12"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_merchandising_system:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_merchandising_system",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "15.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_sales_audit:14.1:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_sales_audit",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_service_backbone:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_service_backbone",
            "vendor": "oracle",
            "versions": [
              {
                "status": "affected",
                "version": "14.1"
              },
              {
                "status": "affected",
                "version": "15.0"
              },
              {
                "status": "affected",
                "version": "16.0"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "retail_xstore_point_of_service",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "19.0",
                "status": "affected",
                "version": "15.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:oracle:weblogic_server:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "weblogic_server",
            "vendor": "oracle",
            "versions": [
              {
                "lessThanOrEqual": "12.2.1.4.0",
                "status": "affected",
                "version": "12.2.1.3.0",
                "versionType": "custom"
              }
            ]
          },
          {
            "cpes": [
              "cpe:2.3:a:fasterxml:jackson-databind:2.0.0:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "jackson-databind",
            "vendor": "fasterxml",
            "versions": [
              {
                "lessThan": "2.9.10.4",
                "status": "affected",
                "version": "2.0.0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 8.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "REQUIRED",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2020-10672",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-05-25T04:00:48.872316Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-502",
                "description": "CWE-502 Deserialization of Untrusted Data",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-06-04T19:56:32.131Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:06:11.143Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:38:38",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://medium.com/%40cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-10672",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.4 mishandles the interaction between serialization gadgets and typing, related to org.apache.aries.transaction.jms.internal.XaPooledConnectionFactory (aka aries.transaction.jms)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[debian-lts-announce] 20200322 [SECURITY] [DLA 2153-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/03/msg00027.html"
            },
            {
              "name": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://medium.com/@cowtowncoder/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2659",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2659"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20200403-0002/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20200403-0002/"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-10672",
    "datePublished": "2020-03-18T21:17:43",
    "dateReserved": "2020-03-18T00:00:00",
    "dateUpdated": "2024-08-04T11:06:11.143Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2018-1000613
Vulnerability from cvelistv5
Published
2018-07-09 20:00
Modified
2024-11-14 20:37
Severity ?
Summary
Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later.
References
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.htmlvendor-advisory, x_refsource_SUSE
https://www.oracle.com/security-alerts/cpuapr2020.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlx_refsource_CONFIRM
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlx_refsource_MISC
https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlx_refsource_MISC
https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3Emailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20190204-0003/x_refsource_CONFIRM
https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574x_refsource_CONFIRM
https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dcx_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T12:40:47.584Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "openSUSE-SU-2020:0607",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2018-1000613",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-01-29T19:03:21.865602Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-14T20:37:00.531Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "dateAssigned": "2018-07-08T00:00:00",
      "datePublic": "2018-03-02T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-14T17:20:03",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "openSUSE-SU-2020:0607",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2%40%3Cissues.geode.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "DATE_ASSIGNED": "2018-07-08T15:52:41.190527",
          "DATE_REQUESTED": "2018-06-29T04:46:08",
          "ID": "CVE-2018-1000613",
          "REQUESTER": "dgh@bouncycastle.org",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contains a CWE-470: Use of Externally-Controlled Input to Select Classes or Code (\u0027Unsafe Reflection\u0027) vulnerability in XMSS/XMSS^MT private key deserialization that can result in Deserializing an XMSS/XMSS^MT private key can result in the execution of unexpected code. This attack appear to be exploitable via A handcrafted private key can include references to unexpected classes which will be picked up from the class path for the executing application. This vulnerability appears to have been fixed in 1.60 and later."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "openSUSE-SU-2020:0607",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00011.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "[geode-issues] 20200831 [jira] [Created] (GEODE-8471) Dependency security issues in geode-core-1.12",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rf1bbc0ea4a9f014cf94df9a12a6477d24a27f52741dbc87f2fd52ff2@%3Cissues.geode.apache.org%3E"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20190204-0003/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20190204-0003/"
            },
            {
              "name": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574",
              "refsource": "CONFIRM",
              "url": "https://github.com/bcgit/bc-java/commit/4092ede58da51af9a21e4825fbad0d9a3ef5a223#diff-2c06e2edef41db889ee14899e12bd574"
            },
            {
              "name": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc",
              "refsource": "CONFIRM",
              "url": "https://github.com/bcgit/bc-java/commit/cd98322b171b15b3f88c5ec871175147893c31e6#diff-148a6c098af0199192d6aede960f45dc"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2018-1000613",
    "datePublished": "2018-07-09T20:00:00",
    "dateReserved": "2018-06-29T00:00:00",
    "dateUpdated": "2024-11-14T20:37:00.531Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-1954
Vulnerability from cvelistv5
Published
2020-04-01 20:07
Modified
2024-08-04 06:54
Severity ?
Summary
Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the ‘createMBServerConnectorFactory‘ property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX.
References
https://www.oracle.com/security-alerts/cpuoct2020.htmlx_refsource_MISC
http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1&modificationDate=1585730169000&api=v2x_refsource_MISC
https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3Emailing-list, x_refsource_MLIST
https://security.netapp.com/advisory/ntap-20220210-0001/x_refsource_CONFIRM
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T06:54:00.267Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
          },
          {
            "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache CXF",
          "vendor": "Apache",
          "versions": [
            {
              "status": "affected",
              "version": "affects all versions prior to 3.3.6 and 3.2.13"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Information Disclosure",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-02-10T09:06:50",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
        },
        {
          "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e%40%3Ccommits.cxf.apache.org%3E"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2020-1954",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache CXF",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "affects all versions prior to 3.3.6 and 3.2.13"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Apache CXF has the ability to integrate with JMX by registering an InstrumentationManager extension with the CXF bus. If the \u2018createMBServerConnectorFactory\u2018 property of the default InstrumentationManagerImpl is not disabled, then it is vulnerable to a man-in-the-middle (MITM) style attack. An attacker on the same host can connect to the registry and rebind the entry to another server, thus acting as a proxy to the original. They are then able to gain access to all of the information that is sent and received over JMX."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Information Disclosure"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
            },
            {
              "name": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2",
              "refsource": "MISC",
              "url": "http://cxf.apache.org/security-advisories.data/CVE-2020-1954.txt.asc?version=1\u0026modificationDate=1585730169000\u0026api=v2"
            },
            {
              "name": "[cxf-commits] 20201112 svn commit: r1067927 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2020-13954.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rd49aabd984ed540c8ff7916d4d79405f3fa311d2fdbcf9ed307839a6@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210402 svn commit: r1073270 - in /websites/production/cxf/content: cache/main.pageCache security-advisories.data/CVE-2021-22696.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rec7160382badd3ef4ad017a22f64a266c7188b9ba71394f0d321e2d4@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "[cxf-commits] 20210616 svn commit: r1075801 - in /websites/production/cxf/content: cache/main.pageCache index.html security-advisories.data/CVE-2021-30468.txt.asc security-advisories.html",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/rfb87e0bf3995e7d560afeed750fac9329ff5f1ad49da365129b7f89e@%3Ccommits.cxf.apache.org%3E"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20220210-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20220210-0001/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2020-1954",
    "datePublished": "2020-04-01T20:07:29",
    "dateReserved": "2019-12-02T00:00:00",
    "dateUpdated": "2024-08-04T06:54:00.267Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2020-35490
Vulnerability from cvelistv5
Published
2020-12-17 18:43
Modified
2024-08-04 17:02
Severity ?
Summary
FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource.
References
https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062x_refsource_MISC
https://github.com/FasterXML/jackson-databind/issues/2986x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021/04/msg00025.htmlmailing-list, x_refsource_MLIST
https://www.oracle.com/security-alerts/cpuApr2021.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20210122-0005/x_refsource_CONFIRM
https://www.oracle.com//security-alerts/cpujul2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:02:08.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
          },
          {
            "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-07-25T16:19:42",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
        },
        {
          "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-35490",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "FasterXML jackson-databind 2.x before 2.9.10.8 mishandles the interaction between serialization gadgets and typing, related to org.apache.commons.dbcp2.datasources.PerUserPoolDataSource."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062",
              "refsource": "MISC",
              "url": "https://cowtowncoder.medium.com/on-jackson-cves-dont-panic-here-is-what-you-need-to-know-54cd0d6e8062"
            },
            {
              "name": "https://github.com/FasterXML/jackson-databind/issues/2986",
              "refsource": "MISC",
              "url": "https://github.com/FasterXML/jackson-databind/issues/2986"
            },
            {
              "name": "[debian-lts-announce] 20210424 [SECURITY] [DLA 2638-1] jackson-databind security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00025.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20210122-0005/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20210122-0005/"
            },
            {
              "name": "https://www.oracle.com//security-alerts/cpujul2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com//security-alerts/cpujul2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-35490",
    "datePublished": "2020-12-17T18:43:51",
    "dateReserved": "2020-12-17T00:00:00",
    "dateUpdated": "2024-08-04T17:02:08.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

cve-2021-42340
Vulnerability from cvelistv5
Published
2021-10-14 19:55
Modified
2024-08-04 03:30
Severity ?
Summary
The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError.
References
https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3Ex_refsource_MISC
https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3Emailing-list, x_refsource_MLIST
https://www.debian.org/security/2021/dsa-5009vendor-advisory, x_refsource_DEBIAN
https://www.oracle.com/security-alerts/cpujan2022.htmlx_refsource_MISC
https://security.netapp.com/advisory/ntap-20211104-0001/x_refsource_CONFIRM
https://kc.mcafee.com/corporate/index?page=content&id=SB10379x_refsource_CONFIRM
https://www.oracle.com/security-alerts/cpuapr2022.htmlx_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.htmlx_refsource_MISC
https://security.gentoo.org/glsa/202208-34vendor-advisory, x_refsource_GENTOO
Impacted products
Vendor Product Version
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T03:30:38.354Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
          },
          {
            "name": "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E"
          },
          {
            "name": "DSA-5009",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5009"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          },
          {
            "name": "GLSA-202208-34",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-34"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Apache Tomcat",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "status": "affected",
              "version": "Apache Tomcat 10 10.0.0-M10 to 10.0.11"
            },
            {
              "status": "affected",
              "version": "Apache Tomcat 10 10.1.0-M1 to 10.1.0-M5"
            },
            {
              "status": "affected",
              "version": "Apache Tomcat 9 9.0.40 to 9.0.53"
            },
            {
              "status": "affected",
              "version": "Apache Tomcat 8 8.5.60 to 8.5.71"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-772",
              "description": "CWE-772 Missing Release of Resource after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-21T04:07:37",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
        },
        {
          "name": "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784%40%3Ccommits.myfaces.apache.org%3E"
        },
        {
          "name": "DSA-5009",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5009"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "GLSA-202208-34",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-34"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "DoS via memory leak with WebSocket connections",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security@apache.org",
          "ID": "CVE-2021-42340",
          "STATE": "PUBLIC",
          "TITLE": "DoS via memory leak with WebSocket connections"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Apache Tomcat",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 10",
                            "version_value": "10.0.0-M10 to 10.0.11"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 10",
                            "version_value": "10.1.0-M1 to 10.1.0-M5"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 9",
                            "version_value": "9.0.40 to 9.0.53"
                          },
                          {
                            "version_affected": "=",
                            "version_name": "Apache Tomcat 8",
                            "version_value": "8.5.60 to 8.5.71"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apache Software Foundation"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The fix for bug 63362 present in Apache Tomcat 10.1.0-M1 to 10.1.0-M5, 10.0.0-M1 to 10.0.11, 9.0.40 to 9.0.53 and 8.5.60 to 8.5.71 introduced a memory leak. The object introduced to collect metrics for HTTP upgrade connections was not released for WebSocket connections once the connection was closed. This created a memory leak that, over time, could lead to a denial of service via an OutOfMemoryError."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": [
          {}
        ],
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-772 Missing Release of Resource after Effective Lifetime"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E",
              "refsource": "MISC",
              "url": "https://lists.apache.org/thread.html/r83a35be60f06aca2065f188ee542b9099695d57ced2e70e0885f905c%40%3Cannounce.tomcat.apache.org%3E"
            },
            {
              "name": "[myfaces-commits] 20211021 [myfaces-tobago] branch tobago-5.x updated: build: workaround for CVE-2021-42340",
              "refsource": "MLIST",
              "url": "https://lists.apache.org/thread.html/r8097a2d1550aa78e585fc77e602b9046e6d4099d8d132497c5387784@%3Ccommits.myfaces.apache.org%3E"
            },
            {
              "name": "DSA-5009",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-5009"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20211104-0001/",
              "refsource": "CONFIRM",
              "url": "https://security.netapp.com/advisory/ntap-20211104-0001/"
            },
            {
              "name": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379",
              "refsource": "CONFIRM",
              "url": "https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10379"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
            },
            {
              "name": "GLSA-202208-34",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-34"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2021-42340",
    "datePublished": "2021-10-14T19:55:14",
    "dateReserved": "2021-10-13T00:00:00",
    "dateUpdated": "2024-08-04T03:30:38.354Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}