Search criteria
936 vulnerabilities found for fusion_middleware by oracle
FKIE_CVE-2024-21215
Vulnerability from fkie_nvd - Published: 2024-10-15 20:15 - Updated: 2024-10-18 14:51
Severity ?
Summary
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
References
| URL | Tags | ||
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2024.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | fusion_middleware | 12.2.1.4.0 | |
| oracle | fusion_middleware | 14.1.1.0.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F3ED632D-FC5B-4035-A0B1-66986B08469F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Core). Las versiones compatibles afectadas son 12.2.1.4.0 y 14.1.1.0.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de HTTP ponga en peligro Oracle WebLogic Server. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la capacidad no autorizada de provocar un bloqueo o un bloqueo frecuente y repetitivo (DOS completo) de Oracle WebLogic Server. Puntuaci\u00f3n base de CVSS 3.1: 7,5 (impactos en la disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"id": "CVE-2024-21215",
"lastModified": "2024-10-18T14:51:31.137",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2024-10-15T20:15:10.797",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-21205
Vulnerability from fkie_nvd - Published: 2024-10-15 20:15 - Updated: 2025-03-13 14:15
Severity ?
Summary
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
References
| URL | Tags | ||
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2024.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | fusion_middleware | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Service Bus de Oracle Fusion Middleware (componente: OSB Core Functionality). La versi\u00f3n compatible afectada es la 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Service Bus. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Service Bus. Puntuaci\u00f3n base de CVSS 3.1: 6,5 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
],
"id": "CVE-2024-21205",
"lastModified": "2025-03-13T14:15:21.243",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2024-10-15T20:15:08.857",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
FKIE_CVE-2024-21192
Vulnerability from fkie_nvd - Published: 2024-10-15 20:15 - Updated: 2024-10-18 14:18
Severity ?
Summary
Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
References
| URL | Tags | ||
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2024.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | fusion_middleware | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Enterprise Manager for Fusion Middleware de Oracle Fusion Middleware (componente: WebLogic Mgmt). La versi\u00f3n compatible afectada es la 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios elevados que inicie sesi\u00f3n en la infraestructura donde se ejecuta Oracle Enterprise Manager for Fusion Middleware ponga en peligro Oracle Enterprise Manager for Fusion Middleware. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado un acceso no autorizado a datos cr\u00edticos o un acceso completo a todos los datos accesibles de Oracle Enterprise Manager for Fusion Middleware. Puntuaci\u00f3n base de CVSS 3.1: 4,4 (impactos de confidencialidad). Vector CVSS: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
],
"id": "CVE-2024-21192",
"lastModified": "2024-10-18T14:18:52.270",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 0.8,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2024-10-15T20:15:06.340",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-21191
Vulnerability from fkie_nvd - Published: 2024-10-15 20:15 - Updated: 2024-10-18 18:58
Severity ?
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
7.6 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Summary
Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
References
| URL | Tags | ||
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2024.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | fusion_middleware | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Enterprise Manager Fusion Middleware Control de Oracle Fusion Middleware (componente: complemento FMW Control). La versi\u00f3n compatible afectada es la 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante con privilegios reducidos y acceso a la red a trav\u00e9s de HTTP comprometa Oracle Enterprise Manager Fusion Middleware Control. Los ataques exitosos requieren la interacci\u00f3n humana de una persona distinta del atacante y, si bien la vulnerabilidad se encuentra en Oracle Enterprise Manager Fusion Middleware Control, los ataques pueden afectar significativamente a productos adicionales (cambio de alcance). Los ataques exitosos de esta vulnerabilidad pueden dar como resultado el acceso no autorizado a datos cr\u00edticos o el acceso completo a todos los datos accesibles de Oracle Enterprise Manager Fusion Middleware Control, as\u00ed como el acceso no autorizado a actualizaciones, inserciones o eliminaciones de algunos de los datos accesibles de Oracle Enterprise Manager Fusion Middleware Control. Puntuaci\u00f3n base CVSS 3.1 7.6 (impactos en la confidencialidad y la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
}
],
"id": "CVE-2024-21191",
"lastModified": "2024-10-18T18:58:20.213",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7,
"source": "secalert_us@oracle.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.3,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-15T20:15:06.150",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2024-21190
Vulnerability from fkie_nvd - Published: 2024-10-15 20:15 - Updated: 2024-10-18 18:56
Severity ?
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Summary
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
References
| URL | Tags | ||
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpuoct2024.html | Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | fusion_middleware | 12.2.1.4.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
},
{
"lang": "es",
"value": "Vulnerabilidad en el producto Oracle Global Lifecycle Management FMW Installer de Oracle Fusion Middleware (componente: Cloning). La versi\u00f3n compatible afectada es la 12.2.1.4.0. Esta vulnerabilidad, que se puede explotar f\u00e1cilmente, permite que un atacante no autenticado con acceso a la red a trav\u00e9s de SFTP ponga en peligro Oracle Global Lifecycle Management FMW Installer. Los ataques exitosos de esta vulnerabilidad pueden dar como resultado la creaci\u00f3n, eliminaci\u00f3n o modificaci\u00f3n no autorizada de datos cr\u00edticos o de todos los datos accesibles de Oracle Global Lifecycle Management FMW Installer. Puntuaci\u00f3n base de CVSS 3.1: 7,5 (impactos en la integridad). Vector CVSS: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"id": "CVE-2024-21190",
"lastModified": "2024-10-18T18:56:42.630",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2024-10-15T20:15:05.973",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2023-21994
Vulnerability from fkie_nvd - Published: 2023-07-18 21:15 - Updated: 2024-11-21 07:44
Severity ?
Summary
Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
References
| URL | Tags | ||
|---|---|---|---|
| secalert_us@oracle.com | https://www.oracle.com/security-alerts/cpujul2023.html | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.oracle.com/security-alerts/cpujul2023.html | Patch, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | fusion_middleware | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:*:*:*:*:*:*:*:*",
"matchCriteriaId": "82B9FC6A-B415-45FC-AFBC-C51098F68FFC",
"versionEndExcluding": "11.1.2.3.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"id": "CVE-2023-21994",
"lastModified": "2024-11-21T07:44:04.080",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "secalert_us@oracle.com",
"type": "Primary"
}
]
},
"published": "2023-07-18T21:15:11.813",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2021-2351
Vulnerability from fkie_nvd - Published: 2021-07-21 15:15 - Updated: 2024-11-21 06:02
Severity ?
8.3 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:advanced_networking_option:12.1.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E95885F4-38B5-445A-B084-6B87172F2082",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:advanced_networking_option:12.2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "FC810AC7-4185-4E20-AFE8-72A97C2933EA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:advanced_networking_option:19c:*:*:*:*:*:*:*",
"matchCriteriaId": "231C1E97-2198-4DD7-8BD1-5FF4DDA14CDA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "80C9DBB8-3D50-4D5D-859A-B022EB7C2E64",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A4AA4B21-1BA9-4ED8-B9EA-558AF8655D24",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_product_lifecycle_management_for_process:6.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9C3F9EE5-FCFC-45B8-9F57-C05D42EE0FF0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:airlines_data_model:12.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "06480458-3216-4C42-9270-F68A41EEC147",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:airlines_data_model:12.2.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "480BF1CB-11D7-4D86-A99E-960F316F2E1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F84E5662-0289-4ED5-A112-BC506508216C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_performance_management:13.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD312681-73A4-4B21-BDE8-50DED7E3E0CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_analytics:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BC3D0C4E-0B40-4ACF-BD9E-104CC1D77521",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_analytics:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E67940FD-3BA7-40A8-8E40-44B37D23E2DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_analytics:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6EB4DE-33DA-4810-96BD-29C82B433714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_insight:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7FCB446-49A7-48B9-8808-E72A4E2E48C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_insight:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9B2F53-257E-49E2-83C3-0840BDB4D67C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_insight:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6CF34B1B-0FC0-4EA6-830D-D2191337D451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_mart:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EA67581B-F8FD-416E-852F-859D642B7405",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_mart:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "32ACEED2-BA43-4EF7-9183-2F01CC277FB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_mart:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "18B967BB-2233-4FB2-B10D-9A338E1B4089",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_safety:8.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "09B79608-5D94-45C3-ADF0-B181B92C3014",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_safety:8.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9F05D844-38BD-4EEB-AF91-E5ED18B1E7E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:argus_safety:8.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "25193811-46CE-4A0E-B22D-67BE99FAD450",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DF2D056-3118-4C31-BEDD-69F016898CBB",
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CF34B11F-3DE1-4C22-8EB1-AEE5CE5E4172",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "86F03B63-F922-45CD-A7D1-326DB0042875",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7CBFC93F-8B39-45A2-981C-59B187169BD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_apis:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0843465C-F940-4FFC-998D-9A2668B75EA0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:*:*:*:*:*:*:*:*",
"matchCriteriaId": "366A6277-5D74-44C8-94A9-8ADB5568B5FB",
"versionEndIncluding": "18.3",
"versionStartIncluding": "18.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "560F20E6-AEA1-4CE5-A393-C9B2CF334C5C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F7BDFC10-45A0-46D8-AB92-4A5E2C1C76ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:19.2:*:*:*:*:*:*:*",
"matchCriteriaId": "18127694-109C-4E7E-AE79-0BA351849291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:20.1:*:*:*:*:*:*:*",
"matchCriteriaId": "33F68878-BC19-4DB8-8A72-BD9FE3D0ACEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_digital_experience:21.1:*:*:*:*:*:*:*",
"matchCriteriaId": "0D6895A6-511A-4DC6-9F9B-58E05B86BDB1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "74C7E2F1-17FC-4322-A5C3-F7EB612BA4F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_enterprise_default_management:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "320D36DA-D99F-4149-B582-3F4AB2F41A1B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "132CE62A-FBFC-4001-81EC-35D81F73AF48",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "645AA3D1-C8B5-4CD2-8ACE-31541FA267F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:2.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BDC6D658-09EA-4C41-869F-1C2EA163F751",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:big_data_spatial_and_graph:*:*:*:*:*:*:*:*",
"matchCriteriaId": "384DEDD9-CB26-4306-99D8-83068A9B23ED",
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:blockchain_platform:21.1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2ECE8F5F-4417-4412-B857-F1ACDEED4FC2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:clinical:5.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4B2CEA84-0983-4C40-B923-99244ABCF32D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:clinical:5.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2FD798A8-38B7-42C1-9043-863D16CE7ACA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "57DA1DD8-E9F1-43C6-BCA2-1E9C92B1664C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "869CDD22-4A6C-4665-AA37-E340B07EF81C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:commerce_platform:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CDE72F7-ED9D-4A53-BF63-DF6711FFDEF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "787E2C1B-9BAD-4018-8495-E9BE75628BB8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B465F237-0271-4389-8035-89C07A52350D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_billing_and_revenue_management:12.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "123CB9B5-C800-47FD-BD0C-BE44198E97E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_calendar_server:8.0.0.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4063FAD6-21D4-42C7-87C0-D299532E0982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_contacts_server:8.0.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "59275C23-53C0-4890-A941-A71226B50CFB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0172500D-DE51-44E0-91E8-C8F36617C1F8",
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_convergent_charging_controller:6.0.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E99E7D49-AE53-4D16-AB24-EBEAAD084289",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:11.3.2.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "69C215AB-25B4-47A6-AD6A-A60D2C0FF72F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:11.3.2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8E77E48F-1521-4C89-A5D0-A7F0A8D21AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:11.3.2.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F88A2F3-E201-4C68-8D11-0A5C76CDB071",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:12.1.0.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBD877F8-E6EF-4314-AAC0-36F81F4908DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_data_model:12.1.2.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3D7356B6-E197-4978-BF18-2CFD4D350A76",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B54457C-8305-4F82-BE1E-DBA030A8E676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C756C62B-E655-4770-8E85-B1995889E416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "93F65B4C-59D5-450A-9955-7FDA32252B0F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A67AA54B-258D-4D09-9ACB-4085E0B3E585",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B5AAD5EB-403D-4DCD-96F6-3871889B9403",
"versionEndIncluding": "8.2.3",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_ip_service_activator:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DE7A60DB-A287-4E61-8131-B6314007191B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_metasolv_solution:6.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "64BCB9E3-883D-4C1F-9785-2E182BA47B5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F28B94B3-D940-4B1C-9E72-F061515D24F2",
"versionEndIncluding": "12.0.4.0.0",
"versionStartIncluding": "12.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_charging_and_control:6.0.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EB9047B1-DA8C-4BFD-BE41-728BD7ECF3E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "FB92D8A7-2ABD-4B70-A32C-4B6B866C5B8B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_network_integrity:7.3.6:*:*:*:*:*:*:*",
"matchCriteriaId": "B21E6EEF-2AB7-4E96-B092-1F49D11B4175",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "D6BDB265-293F-4F27-8CE0-576DF3ECD3BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_pricing_design_center:12.0.0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "53600579-4542-4D80-A93C-3E45938C749D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "062E4E7C-55BB-46F3-8B61-5A663B565891",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D96CE74A-EB3A-489E-9229-43810DD46F64",
"versionEndIncluding": "8.2.5.0",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_route_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EAE0FAB3-DE56-4271-B3F1-FF665F55B728",
"versionEndIncluding": "8.2.5",
"versionStartIncluding": "8.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:demantra_demand_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "132DE874-6E47-452A-9FDD-27D5A41F046E",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "603C00AA-DBF3-4F62-A74D-8AE596800B4C",
"versionEndIncluding": "12.6.4",
"versionStartIncluding": "12.6.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:documaker:12.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AE3CF700-5042-4DD5-A4B1-53A6C4D8E549",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:documaker:12.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C3D5995F-542C-489E-8940-991AAB17643B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36CF85A9-2C29-46E7-961E-8ADD0B5822CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E80555C7-DA1C-472C-9467-19554DCE4476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.5.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6E8758C8-87D3-450A-878B-86CE8C9FC140",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7EA4D3C5-6A7C-4421-88EF-445A96DBCE0C",
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.0.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "47B0A947-E4C8-4C04-AD3B-950E59DF7A0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "1AC36036-07CE-4903-8FFB-445C6908F0CE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_behavior_detection_platform:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "435FDFA1-BF6A-499D-BDB6-88A26648DFD5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "AB3F3F63-9543-4568-BCB1-1CAF88384142",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "FC0C4CA4-1694-474E-8272-CF96E168D962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_enterprise_case_management:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "93E953D0-9C0C-4B03-9939-384A1F7E2BC9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "767CC73D-2771-4BBC-9D74-4416AEC6BB2E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "D33B68C6-2A4E-418C-A2BD-43A3CC5D1003",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_foreign_account_tax_compliance_act_management:8.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DAE3EA23-045D-474C-ABD8-916930D4E9E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_model_management_and_governance:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8BB9420F-87CE-4B4B-A417-AA6813CE1318",
"versionEndIncluding": "8.1.1.0.0",
"versionStartIncluding": "8.0.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.7:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "B57ECC6E-CC64-4DE7-B657-3BA54EDDFFF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_trade-based_anti_money_laundering:8.0.8:*:*:*:enterprise:*:*:*",
"matchCriteriaId": "10BBAD37-51A1-4819-807B-2642E9D4A69C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "B0A34DF8-72CC-4A8E-84F2-C2DF4A0B9FAB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "21BE77B2-6368-470E-B9E6-21664D9A818A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3250073F-325A-4AFC-892F-F2005E3854A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:12.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0DDDC9C2-33D6-4123-9ABC-C9B809A6E88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "524429D6-8AF1-4713-A9B8-678B50A3762F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_investor_servicing:14.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "ED21B958-0FD0-4697-9CE2-266DEE4E29DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2177A5E9-B260-499E-8D60-920679518425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC91D0AD-C721-4653-A2B7-4EA7D97F6392",
"versionEndExcluding": "12.3.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C0B3C50D-60BB-40B3-A146-BF7A1EC9ECC5",
"versionEndExcluding": "21.5.0.0.220118",
"versionStartIncluding": "19.1.0.0.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C970F0E8-0768-451A-8091-5C88761CA95D",
"versionEndExcluding": "23.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:graph_server_and_client:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7E3417CF-4E94-4BA0-A05A-018D00EAC107",
"versionEndExcluding": "21.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_clinical_development_analytics:4.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "4E45ADE3-2A3D-4FCA-BCDF-D0CC6CE0A23C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_inform_crf_submit:6.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AB8797ED-52E7-47B6-9F78-E2402671CCAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "97C10FBE-FD9A-4739-9303-5B6FC7551D66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CF45C905-9EFF-4108-9B70-9FFDDD6627A6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:7.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E03F5DEF-DDD7-4C8C-90EF-7E4BCDEFE34B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "66C673C4-A825-46C0-816B-103E1C058D03",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_data_repository:8.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BA92E70A-2249-4144-B0B8-35501159ADB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CFDEE0AC-F2A4-4CA4-B8B5-E3F98712B072",
"versionEndIncluding": "7.3.0.2",
"versionStartIncluding": "7.3.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D747A956-40A6-47D8-A813-FA4E13CB557F",
"versionEndIncluding": "8.0.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "ED13F526-2D53-4627-B2C5-3678F5CC405B",
"versionEndIncluding": "8.1.1",
"versionStartIncluding": "8.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_translational_research:4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "523391D8-CB84-4EBD-B337-6A99F52E537F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_inventory_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "30B1475D-4F8D-4539-AED9-609C23944D14",
"versionEndExcluding": "9.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_inventory_management:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "8865CE15-F9A1-4A46-AF93-B58356BDEE6F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_opera_5:5.6:*:*:*:*:*:*:*",
"matchCriteriaId": "95D6A426-B914-401F-9AB0-5F5E3A3FE138",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_reporting_and_analytics:9.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FCBF2756-B831-4E6E-A15B-2A11DD48DB7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CBDA65DE-5727-49DC-8D50-DA81DB3E8841",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A577DCD3-6730-441A-B3BD-6199483FB1E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "577A07A9-DBB1-49E6-B2CC-60B917097472",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.13.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D4833DCA-FC54-4F89-B2DF-8E39C9C49DF6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hospitality_suite8:8.14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AD7E9060-BA5B-4682-AC0D-EE5105AD0332",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.2.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "52C13DE5-CA3C-414F-8813-BB0847433151",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:ilearning:6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D361A9A8-15B0-4527-868B-80998772F2AB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:ilearning:6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A667A37-59EB-4539-ADCA-D5F789DB6744",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*",
"matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*",
"matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*",
"matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "BD4EE554-DFE7-4C16-BC98-574DC97FC85C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE4160ED-75F2-4499-AC6C-90CD092A46E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "2F03BFDA-6904-42D7-8170-D6FD143BB16C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "32EE6974-6E2E-4DE8-9F2B-8FE0FCEFECFA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_data_gateway:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C85900AC-11DA-4FA8-A1E0-270240BF4B0E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4E0154DF-9EC0-4844-9B06-1C554CED3BC2",
"versionEndIncluding": "5.6.0",
"versionStartIncluding": "5.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_insbridge_rating_and_underwriting:5.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "428D2B1D-CFFD-49D1-BC05-2D85D22004DE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "00C9E689-ED91-4A9D-B9C0-5BF4EC131409",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "7EFA1879-0BF9-4493-9145-15100BC38C0A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EF958C28-4289-4433-8CD9-B6551F01926F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "57E9FC66-F6A0-4FB0-8D92-2C9B9E3F2184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4F9721E3-EE25-4C8A-9E0A-E60D465E0A97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.2.7:*:*:*:*:*:*:*",
"matchCriteriaId": "212AC8FA-90E8-4FDF-BC57-D17CD8F2E35C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7A6C04D-43B3-4B83-A185-7CBD838C97E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E2B51896-E4DA-4FDA-979F-481FFB3E588A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jd_edwards_enterpriseone_tools:9.2.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4A87D1B6-87DF-4BC6-9C3E-F3AA47E22C4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:oss_support_tools:*:*:*:*:*:*:*:*",
"matchCriteriaId": "71CB79ED-A93E-4CBD-BCDD-82C5A00B373B",
"versionEndExcluding": "2.12.42",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.57:*:*:*:*:*:*:*",
"matchCriteriaId": "7E1E416B-920B-49A0-9523-382898C2979D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.58:*:*:*:*:*:*:*",
"matchCriteriaId": "D9DB4A14-2EF5-4B54-95D2-75E6CF9AA0A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:peoplesoft_enterprise_peopletools:8.59:*:*:*:*:*:*:*",
"matchCriteriaId": "C8AF00C6-B97F-414D-A8DF-057E6BFD8597",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:policy_automation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F47057A9-2DDE-4178-B140-F7D70EAED8F6",
"versionEndIncluding": "12.2.24",
"versionStartIncluding": "12.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_analytics:18.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA9948AB-0CA6-4148-949C-E500466B45F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_analytics:19.12.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56D17905-5E69-4BD5-973B-30662AC3D678",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_analytics:20.12.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "70E72A74-F6A9-48EE-9279-3D9E53C2EC30",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_data_warehouse:18.8.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F14C6AB5-CC45-4753-A60F-1F527B063127",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_data_warehouse:19.12.11.1:*:*:*:*:*:*:*",
"matchCriteriaId": "583BBDF1-DBE4-486D-ABF8-7D2B0408490A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_data_warehouse:20.12.12.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C9810151-6F80-48FD-A51E-F063EB2B7324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B1C88FD-C2EC-4C96-AC7E-6F95C8763B48",
"versionEndIncluding": "17.12.11",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "301E7158-9090-467C-B3B4-30A8DB3B395D",
"versionEndIncluding": "18.8.12",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "BBEFACB1-C8EA-492B-8F85-A564DB363C83",
"versionEndIncluding": "19.12.11",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E6B70E72-B9FC-4E49-8EDD-29C7E14F5792",
"versionEndIncluding": "20.12.7",
"versionStartIncluding": "20.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6AEB882B-4975-4417-848C-0EAB022EB893",
"versionEndIncluding": "17.12.20",
"versionStartIncluding": "17.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51E74B18-96E2-4B13-8072-3A4B29ED42EC",
"versionEndIncluding": "18.8.24",
"versionStartIncluding": "18.8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A3B41942-0EAE-4915-B560-C77855CF3AC1",
"versionEndIncluding": "19.12.17.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "798DD531-5B35-4D26-817D-5826666C9FA1",
"versionEndIncluding": "20.12.9.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0E96F120-57FB-432C-8D9A-A227A78BB4B4",
"versionEndIncluding": "17.12.20.0",
"versionStartIncluding": "17.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C97C52C9-16DD-4086-A1CF-19FD5C90FEA3",
"versionEndIncluding": "18.8.24.0",
"versionStartIncluding": "18.8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "05848067-59FF-4C90-A8BA-D1E4311B3A82",
"versionEndIncluding": "19.12.17.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_professional_project_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "DC6AD8C8-96ED-4CFB-9953-99139FABCE35",
"versionEndIncluding": "20.12.9.0",
"versionStartIncluding": "20.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*",
"matchCriteriaId": "08FA59A8-6A62-4B33-8952-D6E658F8DAC9",
"versionEndIncluding": "17.12",
"versionStartIncluding": "17.7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*",
"matchCriteriaId": "202AD518-2E9B-4062-B063-9858AE1F9CE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*",
"matchCriteriaId": "10864586-270E-4ACF-BDCC-ECFCD299305F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*",
"matchCriteriaId": "38340E3C-C452-4370-86D4-355B6B4E0A06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_unifier:21.12:*:*:*:*:*:*:*",
"matchCriteriaId": "E9C55C69-E22E-4B80-9371-5CD821D79FE2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7F978162-CB2C-4166-947A-9048C6E878BC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CE004F32-F4DA-45A8-AD11-8924C4F1076A",
"versionEndIncluding": "12.2.11",
"versionStartIncluding": "12.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.4.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CADD7026-EF85-40A5-8563-7A34C6941B1F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:real_user_experience_insight:13.5.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "58F019E8-F68D-41B5-9480-0A81616F2E7C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_analytics:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90D4D479-0294-4F31-B719-8544C8DC4554",
"versionEndIncluding": "16.0.2",
"versionStartIncluding": "16.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48C9BD8E-7214-4B44-B549-6F11B3EA8A04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F0735989-13BD-40B3-B954-AC0529C5B53D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "58405263-E84C-4071-BB23-165D49034A00",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_insights:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E0B58B00-92A6-4033-B53A-839A4BDDF30F",
"versionEndIncluding": "16.0.2",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "31FFE404-027E-4B59-B3EF-BD20E1F7EECC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "798E4FEE-9B2B-436E-A2B3-B8AA1079892A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CB86F6C3-981E-4ECA-A5EB-9A9CD73D70C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "44AA1B51-8A24-48F0-B16F-803D69698707",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7435071D-0C95-4686-A978-AFC4C9A0D0FE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "8CFCE558-9972-46A2-8539-C16044F1BAA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A1194C4E-CF42-4B4D-BA9A-40FDD28F1D58",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BD311C33-A309-44D5-BBFB-539D72C7F8C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "AE1BC44A-F0AF-41CD-9CEB-B07AB5ADAB38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_management_system:19.5:*:*:*:*:*:*:*",
"matchCriteriaId": "99B5DC78-1C24-4F2B-A254-D833FAF47013",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "E13DF2AE-F315-4085-9172-6C8B21AF1C9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B1A4F12-3E64-41CF-B2B3-B6AB734B69E0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "24A3C819-5151-4543-A5C6-998C9387C8A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "4FB98961-8C99-4490-A6B8-9A5158784F5A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B956113-5B3B-436D-858B-8F29FB304364",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E8917F6-00E7-47EC-B86D-A3B11D5F0E0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EFC5F424-119D-4C66-8251-E735EEFBC0BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "E702EBED-DB39-4084-84B1-258BC5FE7545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3F7956BF-D5B6-484B-999C-36B45CD8B75B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:19.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "9DA6B655-A445-42E5-B6D9-70AB1C04774A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C1933509-1BEA-45DA-B6AF-2713B432B1F5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4DA1BF68-635B-4577-B3F7-DEBC39567C8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3B202AEF-1197-441B-8EA1-2913BFD8A545",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A69FB468-EAF3-4E67-95E7-DF92C281C1F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:siebel_ui_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "889916ED-5EB2-49D6-8400-E6DBBD6C287F",
"versionEndIncluding": "21.12",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:spatial_studio:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6DFFDFD4-0D11-4F63-A0AD-A0C65A067912",
"versionEndExcluding": "21.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics:2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "EE6B6243-9FE9-432B-B5A8-20E515E06A93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:thesaurus_management_system:5.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "01E3B232-073E-433B-977A-1742B75109B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6F6FDC33-D57E-4C6A-B633-BFC587147037",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:thesaurus_management_system:5.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F3B01572-9D32-44B2-8FCF-C282C887DB51",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*",
"matchCriteriaId": "20290BBC-E3C9-4B96-94FE-2DFADD4BF1F1",
"versionEndExcluding": "21.1.1.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:timesten_in-memory_database:21.1.1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AF7F55C1-2114-4D22-B696-6E20337E52FF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "85CAE52B-C2CA-4C6B-A0B7-2B9D6F0499E2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A3ED272C-A545-4F8C-86C0-2736B3F2DCAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "C5B4C338-11E1-4235-9D5A-960B2711AC39",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8C93F84E-9680-44EF-8656-D27440B51698",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:zfs_storage_application_integration_engineering_software:1.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CB85582D-0106-47F1-894F-0BC4FF0B5462",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el componente Advanced Networking Option de Oracle Database Server. Las versiones compatibles que est\u00e1n afectadas son 12.1.0.2, 12.2.0.1 y 19c. Una vulnerabilidad dif\u00edcil de explotar permite a un atacante no autenticado con acceso a la red por medio de Oracle Net comprometer a advanced Networking Option. Los ataques con \u00e9xito requieren una interacci\u00f3n humana de una persona diferente del atacante y, mientras la vulnerabilidad se encuentra en Advanced Networking Option, los ataques pueden afectar significativamente a productos adicionales. Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en la toma de control de Advanced Networking Option. Nota: La actualizaci\u00f3n de parches cr\u00edticos de julio de 2021 introduce una serie de cambios en el Cifrado de Red Nativo para hacer frente a la vulnerabilidad (CVE-2021-2351 y prevenir el uso de cifrados m\u00e1s d\u00e9biles. Los clientes deben revisar: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Puntuaci\u00f3n Base 8.3 (Impactos en la Confidencialidad, Integridad y Disponibilidad). Vector CVSS: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)"
}
],
"id": "CVE-2021-2351",
"lastModified": "2024-11-21T06:02:56.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 6.0,
"source": "secalert_us@oracle.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.6,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
},
"published": "2021-07-21T15:15:21.827",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/19"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/20"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/19"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Third Party Advisory"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/20"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-327"
},
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-14750
Vulnerability from fkie_nvd - Published: 2020-11-02 21:15 - Updated: 2025-10-27 17:08
Severity ?
Summary
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| oracle | weblogic_server | 10.3.6.0.0 | |
| oracle | weblogic_server | 12.1.3.0.0 | |
| oracle | weblogic_server | 12.2.1.3.0 | |
| oracle | weblogic_server | 12.2.1.4.0 | |
| oracle | weblogic_server | 14.1.1.0.0 |
{
"cisaActionDue": "2022-05-03",
"cisaExploitAdd": "2021-11-03",
"cisaRequiredAction": "Apply updates per vendor instructions.",
"cisaVulnerabilityName": "Oracle WebLogic Server Remote Code Execution Vulnerability",
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
},
{
"lang": "es",
"value": "Una vulnerabilidad en el producto Oracle WebLogic Server de Oracle Fusion Middleware (componente: Console).\u0026#xa0;Las versiones compatibles que est\u00e1n afectadas son 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 y 14.1.1.0.0.\u0026#xa0;La vulnerabilidad f\u00e1cilmente explotable permite a un atacante no autenticado con acceso a la red por medio de HTTP comprometer a Oracle WebLogic Server.\u0026#xa0;Los ataques con \u00e9xito de esta vulnerabilidad pueden resultar en una toma de control de Oracle WebLogic Server.\u0026#xa0;CVSS 3.1 Puntuaci\u00f3n Base 9.8 (Impactos en la Confidencialidad, Integridad y Disponibilidad).\u0026#xa0;CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)"
}
],
"id": "CVE-2020-14750",
"lastModified": "2025-10-27T17:08:31.047",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "secalert_us@oracle.com",
"type": "Secondary"
}
]
},
"published": "2020-11-02T21:15:24.493",
"references": [
{
"source": "secalert_us@oracle.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html"
},
{
"source": "secalert_us@oracle.com",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html"
},
{
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"tags": [
"US Government Resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14750"
}
],
"sourceIdentifier": "secalert_us@oracle.com",
"vulnStatus": "Analyzed",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-5421
Vulnerability from fkie_nvd - Published: 2020-09-19 04:15 - Updated: 2024-11-21 05:34
Severity ?
Summary
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "4078B16E-B065-43DD-AEEA-25A508D98E72",
"versionEndExcluding": "4.3.29",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C5BBCD-D85A-4E41-9BBC-8506252A5158",
"versionEndExcluding": "5.0.19",
"versionStartIncluding": "5.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C4B69981-7A64-4367-9FC7-1E90C7B63692",
"versionEndExcluding": "5.1.18",
"versionStartIncluding": "5.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "90CE3FDA-C493-4BF5-A098-3D3ECFA82E77",
"versionEndExcluding": "5.2.9",
"versionStartIncluding": "5.2.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:commerce_guided_search:11.3.2:*:*:*:*:*:*:*",
"matchCriteriaId": "2A3622F5-5976-4BBC-A147-FC8A6431EA79",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm:11.3.0.9:*:*:*:*:*:*:*",
"matchCriteriaId": "DBE77CD9-D635-4DE2-BD01-6927EEC6F564",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_brm:12.0.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E452C793-8E23-47DA-836C-B2D232AE66D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "93BE4838-1144-4A6A-ABDB-F2766E64C91C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "1B54457C-8305-4F82-BE1E-DBA030A8E676",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_design_studio:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C756C62B-E655-4770-8E85-B1995889E416",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_session_report_manager:*:*:*:*:*:*:*:*",
"matchCriteriaId": "02CD4CBE-8C08-4806-92AC-8D3BF7AB84F8",
"versionEndIncluding": "8.2.2.1",
"versionStartIncluding": "8.2.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36CF85A9-2C29-46E7-961E-8ADD0B5822CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E80555C7-DA1C-472C-9467-19554DCE4476",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6762F207-93C7-4363-B2F9-7A7C6F8AF993",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_private_banking:12.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B74B912-152D-4F38-9FC1-741D6D0B27FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2177A5E9-B260-499E-8D60-920679518425",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:goldengate_application_adapters:19.1.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E7BE0590-31BD-4FCD-B50E-A5F86196F99E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "A04A51B8-5296-425D-BC35-1B30C4F3F052",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:hyperion_infrastructure_technology:11.1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DED59B62-C9BF-4C0E-B351-3884E8441655",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1DDB3D8B-1D04-4345-BB27-723186719CBD",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.2:*:*:*:*:*:*:*",
"matchCriteriaId": "68017B52-6597-4E32-A38F-634B5635568C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:10.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "009366BF-8604-4F5C-8F1E-346D8CD62CB3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "0F89EC4B-6D34-40F0-B7C6-C03D03F81C13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEAB5CD-4223-4A43-AB9E-486113827A6C",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EDC84EC1-DB07-44E7-A08E-669109386208",
"versionEndIncluding": "8.0.22",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:8.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "955955B3-95F0-4887-97DC-58FB7A13F257",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "06CF27F6-ADC1-480C-9D2E-2BD1E7330C32",
"versionEndIncluding": "16.2.11",
"versionStartIncluding": "16.2.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D3D3B98-C309-4598-BBCD-AF944A13FDC1",
"versionEndIncluding": "17.12.9",
"versionStartIncluding": "17.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F582225-CEBE-4CA7-85A7-2D615830BB4C",
"versionEndIncluding": "18.8.10",
"versionStartIncluding": "18.8.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3EF7E2B4-B741-41E9-8EF6-6C415AB9EF54",
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FEC03747-5347-4A0C-9CF2-6234BBDDC514",
"versionEndIncluding": "16.2.20",
"versionStartIncluding": "16.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "081EB2B8-9973-4BE6-BC5B-542C4596E27E",
"versionEndIncluding": "17.12.19",
"versionStartIncluding": "17.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "89D3DA35-029B-4194-92DE-47972D3E81AE",
"versionEndIncluding": "18.8.21",
"versionStartIncluding": "18.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E1E5E43-703C-49F0-8612-0D91B846FE30",
"versionEndIncluding": "19.12.10",
"versionStartIncluding": "19.12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CDDD1BFF-9B0D-45DA-86DC-05CF829107FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "360B307A-3D7F-4B38-8248-76CF8318B023",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_engagement:*:*:*:*:*:*:*:*",
"matchCriteriaId": "924E5D1E-FB5B-4B6B-9120-ABED0F80FB90",
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B92BB355-DB00-438E-84E5-8EC007009576",
"versionEndIncluding": "19.0",
"versionStartIncluding": "16.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "CADAC4BA-0451-4FFD-9071-087C8568C3C2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "17AEB94A-ED0B-4A2F-A03B-DD963E83CE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "6B042849-7EF5-4A5F-B6CD-712C0B8735BF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F1AFAE16-B69F-410A-8CE3-1CDD998A8433",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "FA800332-C6B9-4F05-9FB0-72C1040AAFD4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "822A3C37-86F2-4E91-BE91-2A859F983941",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:14.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42227DD8-6671-4B38-9E42-4ACF78F09C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_invoice_matching:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "69962BD9-A102-4621-9461-018E87261657",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_merchandising_system:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F8383028-B719-41FD-9B6A-71F8EB4C5F8D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_returns_management:14.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BDB925C6-2CBC-4D88-B9EA-F246F4F7A206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:14.1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D7FCC976-615C-4DE5-9F50-1B25E9553962",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:15.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "84142490-E2D5-4B1F-A0D2-D2D68B120AFF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_service_backbone:16.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "DEE71EA5-B315-4F1E-BFEE-EC426B562F7E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78D8F551-8DC8-4510-8350-AE6BC64748DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "073FEA23-E46A-4C73-9D29-95CFF4F5A59D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_acsls:8.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "6953CFDB-33C0-4B8E-BBBD-E460A17E8ED3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4A5BB153-68E0-4DDA-87D1-0D9AB7F0A418",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "04BCDC24-4A21-473C-8733-0D9CFB38A752",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*",
"matchCriteriaId": "F1BE6C1F-2565-4E97-92AA-16563E5660A5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter."
},
{
"lang": "es",
"value": "En Spring Framework versiones 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28 y versiones anteriores no compatibles, las protecciones contra ataques RFD del CVE-2015 -5211 puede ser omitidas seg\u00fan el navegador usado mediante el uso de un par\u00e1metro de ruta jsessionid"
}
],
"id": "CVE-2020-5421",
"lastModified": "2024-11-21T05:34:08.303",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 3.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:S/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.3,
"impactScore": 5.8,
"source": "security@pivotal.io",
"type": "Secondary"
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 4.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-19T04:15:11.527",
"references": [
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3Cuser.ignite.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3Cuser.ignite.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3Cissues.hive.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "security@pivotal.io",
"url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3Cdev.hive.apache.org%3E"
},
{
"source": "security@pivotal.io",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0009/"
},
{
"source": "security@pivotal.io",
"tags": [
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5421"
},
{
"source": "security@pivotal.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "security@pivotal.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "security@pivotal.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "security@pivotal.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "security@pivotal.io",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "security@pivotal.io",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3Cuser.ignite.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3Cuser.ignite.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3Ccommits.pulsar.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3Cissues.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3Cdev.ranger.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3Cdev.hive.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0009/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Not Applicable",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "security@pivotal.io",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-10683
Vulnerability from fkie_nvd - Published: 2020-05-01 19:15 - Updated: 2024-11-21 04:55
Severity ?
Summary
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1D7F74F1-B9EA-4659-9755-B23F7D747685",
"versionEndExcluding": "2.0.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:dom4j_project:dom4j:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3C2C95BD-A005-44E2-ACE8-633505485D1B",
"versionEndExcluding": "2.1.3",
"versionStartIncluding": "2.1.0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
"matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
"matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:banking_platform:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3625D477-1338-46CB-90B1-7291D617DC39",
"versionEndIncluding": "2.10.0",
"versionStartIncluding": "2.4.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E869C417-C0E6-4FC3-B406-45598A1D1906",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:business_process_management_suite:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DFEFE2C0-7B98-44F9-B3AD-D6EC607E90DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_application_session_controller:3.9m0p1:*:*:*:*:*:*:*",
"matchCriteriaId": "C6092C11-7779-451C-94F9-24FA2F2010FB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
"matchCriteriaId": "526E2FE5-263F-416F-8628-6CD40B865780",
"versionEndIncluding": "8.2.2",
"versionStartIncluding": "8.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "05AD47CC-8A6D-4AEC-B23E-701D3D649CC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9901F6BA-78D5-45B8-9409-07FF1C6DDD38",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:data_integrator:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9FADE563-5AAA-42FF-B43F-35B20A2386C9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:documaker:*:*:*:*:*:*:*:*",
"matchCriteriaId": "135D531C-A692-4BE3-AB8C-37BB0D35559A",
"versionEndIncluding": "12.6.4",
"versionStartIncluding": "12.6.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7DCC2C59-BB9B-4BD2-80A4-33B72737FA10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_data_quality:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36CF85A9-2C29-46E7-961E-8ADD0B5822CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.4.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D26F3E23-F1A9-45E7-9E5F-0C0A24EE3783",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*",
"matchCriteriaId": "021014B2-DC51-481C-BCFE-5857EFBDEDDA",
"versionEndIncluding": "8.1.0",
"versionStartIncluding": "8.0.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "87416B3B-3B2B-486B-B931-19199EF07000",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1102B6BC-D99E-4AC0-9375-FB8517A4A71F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "4D22386C-FEC4-4984-8E2A-8FE4796BEFBE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:flexcube_core_banking:11.10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B283B614-9E31-4148-8688-B0672B3A77B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "6329B1A2-75A8-4909-B4FB-77AC7232B6ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_empirica_signal:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "2051BA9E-E635-47D5-B942-8AC26E9487CB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C666FA96-3809-475C-B68F-29E59BD51959",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:*:*:*:*:*:*:*:*",
"matchCriteriaId": "48261B54-471D-4C03-AFF9-6F2EA8FA8EBB",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "64D4B80E-2B67-4BDC-9A3A-7BFDA171016A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:10.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "33E0F28C-1FF3-4E12-AAE4-A765F4F81EC0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_policy_administration_j2ee:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "9A570E5E-A3BC-4E19-BC44-C28D8BC9A537",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DEAB5CD-4223-4A43-AB9E-486113827A6C",
"versionEndIncluding": "11.3.0",
"versionStartIncluding": "11.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "AEDF91E2-E7B5-40EE-B71F-C7D59F4021BD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9A94F93C-5828-4D78-9C48-20AC17E72B8E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:insurance_rules_palette:11.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F3E25293-CB03-44CE-A8ED-04B3A0487A6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:jdeveloper:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "335AB6A7-3B1F-4FA8-AF08-7D64C16C4B04",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "951CE1FD-CBFD-4724-919F-CF9B529F0BA5",
"versionEndIncluding": "16.2.20.1",
"versionStartIncluding": "16.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B89D2BCD-BA96-4DCF-A8B0-59989AD1BC87",
"versionEndIncluding": "17.12.17.1",
"versionStartIncluding": "17.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "18CE17D6-FC25-4FDA-AD28-BD8533C7513A",
"versionEndIncluding": "18.8.19.0",
"versionStartIncluding": "18.1.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:*:*:*:*:*:*:*:*",
"matchCriteriaId": "5DE19678-FB27-4E29-A7BF-232141D52502",
"versionEndIncluding": "19.12.6.0",
"versionStartIncluding": "19.12.0.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.1:*:*:*:*:*:*:*",
"matchCriteriaId": "19A0F1AF-F2E6-44E7-8E2D-190E103B72D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:rapid_planning:12.2:*:*:*:*:*:*:*",
"matchCriteriaId": "6D53690D-3390-4A27-988A-709CD89DD05B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "CBEEB907-B163-43FF-86DE-4387123DCC4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:17.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A7FBF5C7-EC73-4CE4-8CB7-E9CF5705DB25",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "36E16AEF-ACEB-413C-888C-8D250F65C180",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_customer_management_and_segmentation_foundation:19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "9EFAEA84-E376-40A2-8C9F-3E0676FEC527",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "42064F46-3012-4FB1-89BA-F13C2E4CBB6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_integration_bus:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "F73E2EFA-0F43-4D92-8C7D-9E66811B76D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*",
"matchCriteriaId": "EE8CF045-09BB-4069-BCEC-496D5AE3B780",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*",
"matchCriteriaId": "38E74E68-7F19-4EF3-AC00-3C249EAAA39E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:18.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0783F0D1-8FAC-4BCA-A6F5-C5C60E86D56D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:19.0:*:*:*:*:*:*:*",
"matchCriteriaId": "BFB0BB58-04D3-409D-AECC-9633782F0E75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_order_broker:19.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C7BD0D41-1BED-4C4F-95C8-8987C98908DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "47F3EA56-89AF-4AD5-BA19-D32DBDA087A7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:14.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0791694C-9B4E-42EA-8F6C-899B43B6D769",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:15.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "312992F0-E65A-4E38-A44C-363A7E157CE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_price_management:16.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "E1940FD6-39FA-4F92-9625-F215D8051E80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:15.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "78D8F551-8DC8-4510-8350-AE6BC64748DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "490B2C44-CECD-4551-B04F-4076D0E053C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "48EFC111-B01B-4C34-87E4-D6B2C40C0122",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:storagetek_tape_analytics_sw_tool:2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E55B3AA9-69BE-4136-8C3A-FD0DDCD3FA4B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*",
"matchCriteriaId": "51309958-121D-4649-AB9A-EBFA3A49F7CB",
"versionEndIncluding": "4.3.0.6.0",
"versionStartIncluding": "4.3.0.1.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:2.2.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D883EED9-CC64-479D-9C0A-35EB16F43AB4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5435B365-BFF3-4A9E-B45C-42D8F1E20FB7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1FAC3840-2CF8-44CE-81BB-EEEBDA00A34A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "3F906F04-39E4-4BE4-8A73-9D058AAADB43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7B393A82-476A-4270-A903-38ED4169E431",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:11.1.1.9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D7756147-7168-4E03-93EE-31379F6BE88E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D6A4F71A-4269-40FC-8F61-1D1301F2B728",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5A502118-5B2B-47AE-82EC-1999BD841103",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:oncommand_api_services:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5EC98B22-FFAA-4B59-8E63-EBAA4336AD13",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*",
"matchCriteriaId": "5735E553-9731-4AAC-BCFF-989377F817B3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snap_creator_framework:-:*:*:*:*:*:*:*",
"matchCriteriaId": "9F4754FB-E3EB-454A-AB1A-AE3835C5350C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*",
"matchCriteriaId": "BDFB1169-41A0-4A86-8E4F-FDA9730B1E94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*",
"matchCriteriaId": "26A2B713-7D6D-420A-93A4-E0D983C983DF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*",
"matchCriteriaId": "64DE38C8-94F1-4860-B045-F33928F676A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:esm:*:*:*",
"matchCriteriaId": "7A5301BF-1402-4BE0-A0F8-69FBE79BC6D6",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
},
{
"lang": "es",
"value": "dom4j versiones anteriores a 2.0.3 y versiones 2.1.x anteriores a 2.1.3, permite DTDs y External Entities por defecto, lo que podr\u00eda permitir ataques de tipo XXE. Sin embargo, existe una documentaci\u00f3n externa popular de OWASP que muestra c\u00f3mo habilitar el comportamiento seguro no predeterminado en cualquier aplicaci\u00f3n que use dom4j."
}
],
"id": "CVE-2020-10683",
"lastModified": "2024-11-21T04:55:50.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-05-01T19:15:12.927",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
},
{
"source": "cve@mitre.org",
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4575-1/"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://usn.ubuntu.com/4575-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-611"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2024-21215 (GCVE-0-2024-21215)
Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2024-10-17 13:46
VLAI?
Summary
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Severity ?
7.5 (High)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle WebLogic Server |
Affected:
12.2.1.4.0
Affected: 14.1.1.0.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:45:50.963580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:46:18.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
],
"product": "Oracle WebLogic Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
},
{
"status": "affected",
"version": "14.1.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:43.199Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21215",
"datePublished": "2024-10-15T19:52:43.199Z",
"dateReserved": "2023-12-07T22:28:10.691Z",
"dateUpdated": "2024-10-17T13:46:18.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21205 (GCVE-0-2024-21205)
Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2025-03-13 13:46
VLAI?
Summary
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Severity ?
6.5 (Medium)
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Service Bus |
Affected:
12.2.1.4.0
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:36:39.402322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:46:02.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*"
],
"product": "Oracle Service Bus",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:39.956Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21205",
"datePublished": "2024-10-15T19:52:39.956Z",
"dateReserved": "2023-12-07T22:28:10.690Z",
"dateUpdated": "2025-03-13T13:46:02.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21192 (GCVE-0-2024-21192)
Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2024-10-16 14:43
VLAI?
Summary
Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
Severity ?
4.4 (Medium)
CWE
- Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Enterprise Manager for Fusion Middleware |
Affected:
12.2.1.4.0
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:42:57.198602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:43:13.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*"
],
"product": "Oracle Enterprise Manager for Fusion Middleware",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:35.130Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21192",
"datePublished": "2024-10-15T19:52:35.130Z",
"dateReserved": "2023-12-07T22:28:10.688Z",
"dateUpdated": "2024-10-16T14:43:13.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21191 (GCVE-0-2024-21191)
Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2024-10-16 14:46
VLAI?
Summary
Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
Severity ?
7.6 (High)
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Enterprise Manager Fusion Middleware Control |
Affected:
12.2.1.4.0
cpe:2.3:a:oracle:enterprise_manager_fusion_middleware_control:12.2.1.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:44:22.106088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:46:43.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:enterprise_manager_fusion_middleware_control:12.2.1.4.0:*:*:*:*:*:*:*"
],
"product": "Oracle Enterprise Manager Fusion Middleware Control",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:34.801Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21191",
"datePublished": "2024-10-15T19:52:34.801Z",
"dateReserved": "2023-12-07T22:28:10.688Z",
"dateUpdated": "2024-10-16T14:46:43.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21190 (GCVE-0-2024-21190)
Vulnerability from cvelistv5 – Published: 2024-10-15 19:52 – Updated: 2024-10-16 14:51
VLAI?
Summary
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Severity ?
7.5 (High)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Global Lifecycle Management FMW Installer |
Affected:
12.2.1.4.0
cpe:2.3:a:oracle:global_lifecycle_management_fmw_installer:12.2.1.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:48:18.460081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:51:01.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:global_lifecycle_management_fmw_installer:12.2.1.4.0:*:*:*:*:*:*:*"
],
"product": "Oracle Global Lifecycle Management FMW Installer",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:16.649Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21190",
"datePublished": "2024-10-15T19:52:16.649Z",
"dateReserved": "2023-12-07T22:28:10.688Z",
"dateUpdated": "2024-10-16T14:51:01.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21994 (GCVE-0-2023-21994)
Vulnerability from cvelistv5 – Published: 2023-07-18 20:18 – Updated: 2024-09-13 18:25
VLAI?
Summary
Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Severity ?
6.5 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Mobile Security Suite |
Affected:
* , < 11.1.2.3.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:57:31.782186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T18:25:44.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mobile Security Suite",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThan": "11.1.2.3.1",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T20:18:04.595Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21994",
"datePublished": "2023-07-18T20:18:04.595Z",
"dateReserved": "2022-12-17T19:26:00.741Z",
"dateUpdated": "2024-09-13T18:25:44.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-2351 (GCVE-0-2021-2351)
Vulnerability from cvelistv5 – Published: 2021-07-20 22:43 – Updated: 2024-08-03 16:38
VLAI?
Summary
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Severity ?
8.3 (High)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | WebLogic Server |
Affected:
12.2.1.3.0
Affected: 12.2.1.4.0 Affected: 14.1.1.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:57.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/19"
},
{
"name": "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebLogic Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.3.0"
},
{
"status": "affected",
"version": "12.2.1.4.0"
},
{
"status": "affected",
"version": "14.1.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T18:30:20.233Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/19"
},
{
"name": "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebLogic Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.2.1.3.0"
},
{
"version_affected": "=",
"version_value": "12.2.1.4.0"
},
{
"version_affected": "=",
"version_value": "14.1.1.0.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.3",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Dec/19"
},
{
"name": "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Dec/20"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html"
},
{
"name": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2351",
"datePublished": "2021-07-20T22:43:29",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-08-03T16:38:57.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14750 (GCVE-0-2020-14750)
Vulnerability from cvelistv5 – Published: 2020-11-01 23:50 – Updated: 2025-10-21 23:35
VLAI?
Summary
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Severity ?
9.8 (Critical)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | WebLogic Server |
Affected:
10.3.6.0.0
Affected: 12.1.3.0.0 Affected: 12.2.1.3.0 Affected: 12.2.1.4.0 Affected: 14.1.1.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:53:43.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-14750",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T18:40:31.087324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14750"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:33.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14750"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2020-14750 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WebLogic Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "10.3.6.0.0"
},
{
"status": "affected",
"version": "12.1.3.0.0"
},
{
"status": "affected",
"version": "12.2.1.3.0"
},
{
"status": "affected",
"version": "12.2.1.4.0"
},
{
"status": "affected",
"version": "14.1.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T17:06:12.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-14750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebLogic Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.3.6.0.0"
},
{
"version_affected": "=",
"version_value": "12.1.3.0.0"
},
{
"version_affected": "=",
"version_value": "12.2.1.3.0"
},
{
"version_affected": "=",
"version_value": "12.2.1.4.0"
},
{
"version_affected": "=",
"version_value": "14.1.1.0.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html"
},
{
"name": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-14750",
"datePublished": "2020-11-01T23:50:13.000Z",
"dateReserved": "2020-06-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:33.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5421 (GCVE-0-2020-5421)
Vulnerability from cvelistv5 – Published: 2020-09-19 03:45 – Updated: 2024-09-17 03:58
VLAI?
Summary
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Severity ?
8.7 (High)
CWE
- CWE-020 - Improper Input Validation
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring by VMware | Spring Framework |
Affected:
4.3 , < 4.3.29
(custom)
Affected: 5.0 , < 5.0.19 (custom) Affected: 5.1 , < 5.1.18 (custom) Affected: 5.2 , < 5.2.9 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5421"
},
{
"name": "[ranger-dev] 20201007 Re: Review Request 72934: RANGER-3022: Upgrade Spring framework to version 4.3.29.RELEASE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
},
{
"name": "[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
},
{
"name": "[hive-dev] 20201022 [jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Assigned] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Updated] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201022 [GitHub] [pulsar] Ghatage opened a new pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201023 [GitHub] [pulsar] Ghatage commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201026 [GitHub] [pulsar] wolfstudy commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201028 [GitHub] [pulsar] merlimat merged pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ignite-user] 20201117 Query on CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3Cuser.ignite.apache.org%3E"
},
{
"name": "[ignite-user] 20201119 Re: Query on CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3Cuser.ignite.apache.org%3E"
},
{
"name": "[hive-issues] 20210107 [jira] [Resolved] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3Cissues.hive.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0009/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Framework",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "4.3.29",
"status": "affected",
"version": "4.3",
"versionType": "custom"
},
{
"lessThan": "5.0.19",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.1.18",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"lessThan": "5.2.9",
"status": "affected",
"version": "5.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-020: Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:08",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5421"
},
{
"name": "[ranger-dev] 20201007 Re: Review Request 72934: RANGER-3022: Upgrade Spring framework to version 4.3.29.RELEASE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
},
{
"name": "[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
},
{
"name": "[hive-dev] 20201022 [jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Assigned] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Updated] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201022 [GitHub] [pulsar] Ghatage opened a new pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201023 [GitHub] [pulsar] Ghatage commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201026 [GitHub] [pulsar] wolfstudy commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201028 [GitHub] [pulsar] merlimat merged pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ignite-user] 20201117 Query on CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3Cuser.ignite.apache.org%3E"
},
{
"name": "[ignite-user] 20201119 Re: Query on CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3Cuser.ignite.apache.org%3E"
},
{
"name": "[hive-issues] 20210107 [jira] [Resolved] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3Cissues.hive.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0009/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RFD Protection Bypass via jsessionid",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-09-17T00:00:00.000Z",
"ID": "CVE-2020-5421",
"STATE": "PUBLIC",
"TITLE": "RFD Protection Bypass via jsessionid"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.29"
},
{
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.19"
},
{
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.18"
},
{
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.9"
}
]
}
}
]
},
"vendor_name": "Spring by VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-020: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2020-5421",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5421"
},
{
"name": "[ranger-dev] 20201007 Re: Review Request 72934: RANGER-3022: Upgrade Spring framework to version 4.3.29.RELEASE",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E"
},
{
"name": "[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E"
},
{
"name": "[hive-dev] 20201022 [jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Assigned] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Updated] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201022 [GitHub] [pulsar] Ghatage opened a new pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201023 [GitHub] [pulsar] Ghatage commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201026 [GitHub] [pulsar] wolfstudy commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201028 [GitHub] [pulsar] merlimat merged pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ignite-user] 20201117 Query on CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E"
},
{
"name": "[ignite-user] 20201119 Re: Query on CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E"
},
{
"name": "[hive-issues] 20210107 [jira] [Resolved] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210513-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210513-0009/"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5421",
"datePublished": "2020-09-19T03:45:13.127845Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:58:43.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10683 (GCVE-0-2020-10683)
Vulnerability from cvelistv5 – Published: 2020-05-01 18:55 – Updated: 2024-08-04 11:06
VLAI?
Summary
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:11.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0719",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"name": "USN-4575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4575-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
},
{
"name": "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
},
{
"name": "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:13:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2020:0719",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"name": "USN-4575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4575-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
},
{
"name": "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
},
{
"name": "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0719",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html",
"refsource": "MISC",
"url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"name": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3",
"refsource": "CONFIRM",
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"name": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658",
"refsource": "CONFIRM",
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200518-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"name": "USN-4575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4575-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/dom4j/dom4j/issues/87",
"refsource": "MISC",
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"name": "https://github.com/dom4j/dom4j/commits/version-2.0.3",
"refsource": "MISC",
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
},
{
"name": "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3Cdev.velocity.apache.org%3E"
},
{
"name": "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3Cdev.velocity.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10683",
"datePublished": "2020-05-01T18:55:25",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:06:11.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21215 (GCVE-0-2024-21215)
Vulnerability from nvd – Published: 2024-10-15 19:52 – Updated: 2024-10-17 13:46
VLAI?
Summary
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).
Severity ?
7.5 (High)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle WebLogic Server |
Affected:
12.2.1.4.0
Affected: 14.1.1.0.0 cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21215",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:45:50.963580Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-17T13:46:18.670Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:weblogic_server:12.2.1.4.0:*:*:*:*:*:*:*",
"cpe:2.3:a:oracle:weblogic_server:14.1.1.0.0:*:*:*:*:*:*:*"
],
"product": "Oracle WebLogic Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
},
{
"status": "affected",
"version": "14.1.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:43.199Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21215",
"datePublished": "2024-10-15T19:52:43.199Z",
"dateReserved": "2023-12-07T22:28:10.691Z",
"dateUpdated": "2024-10-17T13:46:18.670Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21205 (GCVE-0-2024-21205)
Vulnerability from nvd – Published: 2024-10-15 19:52 – Updated: 2025-03-13 13:46
VLAI?
Summary
Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N).
Severity ?
6.5 (Medium)
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Service Bus |
Affected:
12.2.1.4.0
cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21205",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-17T13:36:39.402322Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-13T13:46:02.628Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:service_bus:12.2.1.4.0:*:*:*:*:*:*:*"
],
"product": "Oracle Service Bus",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Service Bus. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Service Bus accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:39.956Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21205",
"datePublished": "2024-10-15T19:52:39.956Z",
"dateReserved": "2023-12-07T22:28:10.690Z",
"dateUpdated": "2025-03-13T13:46:02.628Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21192 (GCVE-0-2024-21192)
Vulnerability from nvd – Published: 2024-10-15 19:52 – Updated: 2024-10-16 14:43
VLAI?
Summary
Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N).
Severity ?
4.4 (Medium)
CWE
- Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Enterprise Manager for Fusion Middleware |
Affected:
12.2.1.4.0
cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21192",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:42:57.198602Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:43:13.942Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:enterprise_manager_for_fusion_middleware:12.2.1.4.0:*:*:*:*:*:*:*"
],
"product": "Oracle Enterprise Manager for Fusion Middleware",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Enterprise Manager for Fusion Middleware product of Oracle Fusion Middleware (component: WebLogic Mgmt). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data. CVSS 3.1 Base Score 4.4 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle Enterprise Manager for Fusion Middleware executes to compromise Oracle Enterprise Manager for Fusion Middleware. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager for Fusion Middleware accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:35.130Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21192",
"datePublished": "2024-10-15T19:52:35.130Z",
"dateReserved": "2023-12-07T22:28:10.688Z",
"dateUpdated": "2024-10-16T14:43:13.942Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21191 (GCVE-0-2024-21191)
Vulnerability from nvd – Published: 2024-10-15 19:52 – Updated: 2024-10-16 14:46
VLAI?
Summary
Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N).
Severity ?
7.6 (High)
CWE
- Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Enterprise Manager Fusion Middleware Control |
Affected:
12.2.1.4.0
cpe:2.3:a:oracle:enterprise_manager_fusion_middleware_control:12.2.1.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21191",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:44:22.106088Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:46:43.432Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:enterprise_manager_fusion_middleware_control:12.2.1.4.0:*:*:*:*:*:*:*"
],
"product": "Oracle Enterprise Manager Fusion Middleware Control",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Enterprise Manager Fusion Middleware Control product of Oracle Fusion Middleware (component: FMW Control Plugin). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data. CVSS 3.1 Base Score 7.6 (Confidentiality and Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.6,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to compromise Oracle Enterprise Manager Fusion Middleware Control. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Oracle Enterprise Manager Fusion Middleware Control, attacks may significantly impact additional products (scope change). Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Enterprise Manager Fusion Middleware Control accessible data as well as unauthorized update, insert or delete access to some of Oracle Enterprise Manager Fusion Middleware Control accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:34.801Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21191",
"datePublished": "2024-10-15T19:52:34.801Z",
"dateReserved": "2023-12-07T22:28:10.688Z",
"dateUpdated": "2024-10-16T14:46:43.432Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-21190 (GCVE-0-2024-21190)
Vulnerability from nvd – Published: 2024-10-15 19:52 – Updated: 2024-10-16 14:51
VLAI?
Summary
Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N).
Severity ?
7.5 (High)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Oracle Global Lifecycle Management FMW Installer |
Affected:
12.2.1.4.0
cpe:2.3:a:oracle:global_lifecycle_management_fmw_installer:12.2.1.4.0:*:*:*:*:*:*:* |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-21190",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-16T14:48:18.460081Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-noinfo Not enough information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-16T14:51:01.705Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"cpes": [
"cpe:2.3:a:oracle:global_lifecycle_management_fmw_installer:12.2.1.4.0:*:*:*:*:*:*:*"
],
"product": "Oracle Global Lifecycle Management FMW Installer",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.4.0"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Global Lifecycle Management FMW Installer product of Oracle Fusion Middleware (component: Cloning). The supported version that is affected is 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data. CVSS 3.1 Base Score 7.5 (Integrity impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via SFTP to compromise Oracle Global Lifecycle Management FMW Installer. Successful attacks of this vulnerability can result in unauthorized creation, deletion or modification access to critical data or all Oracle Global Lifecycle Management FMW Installer accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-15T19:52:16.649Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2024.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2024-21190",
"datePublished": "2024-10-15T19:52:16.649Z",
"dateReserved": "2023-12-07T22:28:10.688Z",
"dateUpdated": "2024-10-16T14:51:01.705Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-21994 (GCVE-0-2023-21994)
Vulnerability from nvd – Published: 2023-07-18 20:18 – Updated: 2024-09-13 18:25
VLAI?
Summary
Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).
Severity ?
6.5 (Medium)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data.
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | Mobile Security Suite |
Affected:
* , < 11.1.2.3.1
(custom)
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T09:59:28.596Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-21994",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-13T17:57:31.782186Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-13T18:25:44.841Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "Mobile Security Suite",
"vendor": "Oracle Corporation",
"versions": [
{
"lessThan": "11.1.2.3.1",
"status": "affected",
"version": "*",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en-US",
"value": "Vulnerability in the Oracle Mobile Security Suite product of Oracle Fusion Middleware (component: Android Mobile Authenticator App). Supported versions that are affected are Prior to 11.1.2.3.1. Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data. CVSS 3.1 Base Score 6.5 (Confidentiality impacts). CVSS Vector: (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "ADJACENT_NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with access to the physical communication segment attached to the hardware where the Oracle Mobile Security Suite executes to compromise Oracle Mobile Security Suite. Successful attacks of this vulnerability can result in unauthorized access to critical data or complete access to all Oracle Mobile Security Suite accessible data.",
"lang": "en-US"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-18T20:18:04.595Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujul2023.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2023-21994",
"datePublished": "2023-07-18T20:18:04.595Z",
"dateReserved": "2022-12-17T19:26:00.741Z",
"dateUpdated": "2024-09-13T18:25:44.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-2351 (GCVE-0-2021-2351)
Vulnerability from nvd – Published: 2021-07-20 22:43 – Updated: 2024-08-03 16:38
VLAI?
Summary
Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: "Changes in Native Network Encryption with the July 2021 Critical Patch Update" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H).
Severity ?
8.3 (High)
CWE
- Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option.
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | WebLogic Server |
Affected:
12.2.1.3.0
Affected: 12.2.1.4.0 Affected: 14.1.1.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T16:38:57.682Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/19"
},
{
"name": "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/20"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "WebLogic Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "12.2.1.3.0"
},
{
"status": "affected",
"version": "12.2.1.4.0"
},
{
"status": "affected",
"version": "14.1.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-23T18:30:20.233Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/19"
},
{
"name": "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2021/Dec/20"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "Oracle Advisory",
"tags": [
"vendor-advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2023.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2021-2351",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebLogic Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "12.2.1.3.0"
},
{
"version_affected": "=",
"version_value": "12.2.1.4.0"
},
{
"version_affected": "=",
"version_value": "14.1.1.0.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Advanced Networking Option component of Oracle Database Server. Supported versions that are affected are 12.1.0.2, 12.2.0.1 and 19c. Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option. Note: The July 2021 Critical Patch Update introduces a number of Native Network Encryption changes to deal with vulnerability CVE-2021-2351 and prevent the use of weaker ciphers. Customers should review: \"Changes in Native Network Encryption with the July 2021 Critical Patch Update\" (Doc ID 2791571.1). CVSS 3.1 Base Score 8.3 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "8.3",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Difficult to exploit vulnerability allows unauthenticated attacker with network access via Oracle Net to compromise Advanced Networking Option. Successful attacks require human interaction from a person other than the attacker and while the vulnerability is in Advanced Networking Option, attacks may significantly impact additional products. Successful attacks of this vulnerability can result in takeover of Advanced Networking Option."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "20211210 [SYSS-2021-061] Oracle Database - NNE Connection Hijacking",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Dec/19"
},
{
"name": "20211210 [SYSS-2021-062] Oracle Database - Weak NNE Integrity Key Derivation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2021/Dec/20"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165258/Oracle-Database-Weak-NNE-Integrity-Key-Derivation.html"
},
{
"name": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/165255/Oracle-Database-Protection-Mechanism-Bypass.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2021-2351",
"datePublished": "2021-07-20T22:43:29",
"dateReserved": "2020-12-09T00:00:00",
"dateUpdated": "2024-08-03T16:38:57.682Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-14750 (GCVE-0-2020-14750)
Vulnerability from nvd – Published: 2020-11-01 23:50 – Updated: 2025-10-21 23:35
VLAI?
Summary
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).
Severity ?
9.8 (Critical)
CWE
- Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Oracle Corporation | WebLogic Server |
Affected:
10.3.6.0.0
Affected: 12.1.3.0.0 Affected: 12.2.1.3.0 Affected: 12.2.1.4.0 Affected: 14.1.1.0.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T12:53:43.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2020-14750",
"options": [
{
"Exploitation": "active"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-26T18:40:31.087324Z",
"version": "2.0.3"
},
"type": "ssvc"
}
},
{
"other": {
"content": {
"dateAdded": "2021-11-03",
"reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14750"
},
"type": "kev"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-10-21T23:35:33.742Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2020-14750"
}
],
"timeline": [
{
"lang": "en",
"time": "2021-11-03T00:00:00+00:00",
"value": "CVE-2020-14750 added to CISA KEV"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "WebLogic Server",
"vendor": "Oracle Corporation",
"versions": [
{
"status": "affected",
"version": "10.3.6.0.0"
},
{
"status": "affected",
"version": "12.1.3.0.0"
},
{
"status": "affected",
"version": "12.2.1.3.0"
},
{
"status": "affected",
"version": "12.2.1.4.0"
},
{
"status": "affected",
"version": "14.1.1.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server.",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-11-19T17:06:12.000Z",
"orgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"shortName": "oracle"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert_us@oracle.com",
"ID": "CVE-2020-14750",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "WebLogic Server",
"version": {
"version_data": [
{
"version_affected": "=",
"version_value": "10.3.6.0.0"
},
{
"version_affected": "=",
"version_value": "12.1.3.0.0"
},
{
"version_affected": "=",
"version_value": "12.2.1.3.0"
},
{
"version_affected": "=",
"version_value": "12.2.1.4.0"
},
{
"version_affected": "=",
"version_value": "14.1.1.0.0"
}
]
}
}
]
},
"vendor_name": "Oracle Corporation"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server. CVSS 3.1 Base Score 9.8 (Confidentiality, Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)."
}
]
},
"impact": {
"cvss": {
"baseScore": "9.8",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in takeover of Oracle WebLogic Server."
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/alert-cve-2020-14750.html"
},
{
"name": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/160143/Oracle-WebLogic-Server-Administration-Console-Handle-Remote-Code-Execution.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "43595867-4340-4103-b7a2-9a5208d29a85",
"assignerShortName": "oracle",
"cveId": "CVE-2020-14750",
"datePublished": "2020-11-01T23:50:13.000Z",
"dateReserved": "2020-06-19T00:00:00.000Z",
"dateUpdated": "2025-10-21T23:35:33.742Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-5421 (GCVE-0-2020-5421)
Vulnerability from nvd – Published: 2020-09-19 03:45 – Updated: 2024-09-17 03:58
VLAI?
Summary
In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter.
Severity ?
8.7 (High)
CWE
- CWE-020 - Improper Input Validation
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Spring by VMware | Spring Framework |
Affected:
4.3 , < 4.3.29
(custom)
Affected: 5.0 , < 5.0.19 (custom) Affected: 5.1 , < 5.1.18 (custom) Affected: 5.2 , < 5.2.9 (custom) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T08:30:23.972Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5421"
},
{
"name": "[ranger-dev] 20201007 Re: Review Request 72934: RANGER-3022: Upgrade Spring framework to version 4.3.29.RELEASE",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
},
{
"name": "[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
},
{
"name": "[hive-dev] 20201022 [jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Assigned] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Updated] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201022 [GitHub] [pulsar] Ghatage opened a new pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201023 [GitHub] [pulsar] Ghatage commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201026 [GitHub] [pulsar] wolfstudy commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201028 [GitHub] [pulsar] merlimat merged pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ignite-user] 20201117 Query on CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3Cuser.ignite.apache.org%3E"
},
{
"name": "[ignite-user] 20201119 Re: Query on CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3Cuser.ignite.apache.org%3E"
},
{
"name": "[hive-issues] 20210107 [jira] [Resolved] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3Cissues.hive.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0009/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Spring Framework",
"vendor": "Spring by VMware",
"versions": [
{
"lessThan": "4.3.29",
"status": "affected",
"version": "4.3",
"versionType": "custom"
},
{
"lessThan": "5.0.19",
"status": "affected",
"version": "5.0",
"versionType": "custom"
},
{
"lessThan": "5.1.18",
"status": "affected",
"version": "5.1",
"versionType": "custom"
},
{
"lessThan": "5.2.9",
"status": "affected",
"version": "5.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2020-09-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-020: Improper Input Validation",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-04-19T23:23:08",
"orgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"shortName": "pivotal"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://tanzu.vmware.com/security/cve-2020-5421"
},
{
"name": "[ranger-dev] 20201007 Re: Review Request 72934: RANGER-3022: Upgrade Spring framework to version 4.3.29.RELEASE",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e%40%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a%40%3Cissues.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1%40%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a%40%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163%40%3Ccommits.ambari.apache.org%3E"
},
{
"name": "[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5%40%3Cissues.ambari.apache.org%3E"
},
{
"name": "[hive-dev] 20201022 [jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074%40%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Assigned] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Updated] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865%40%3Cissues.hive.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201022 [GitHub] [pulsar] Ghatage opened a new pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201023 [GitHub] [pulsar] Ghatage commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201026 [GitHub] [pulsar] wolfstudy commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201028 [GitHub] [pulsar] merlimat merged pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc%40%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ignite-user] 20201117 Query on CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb%40%3Cuser.ignite.apache.org%3E"
},
{
"name": "[ignite-user] 20201119 Re: Query on CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d%40%3Cuser.ignite.apache.org%3E"
},
{
"name": "[hive-issues] 20210107 [jira] [Resolved] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665%40%3Cissues.hive.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20210513-0009/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "RFD Protection Bypass via jsessionid",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@pivotal.io",
"DATE_PUBLIC": "2020-09-17T00:00:00.000Z",
"ID": "CVE-2020-5421",
"STATE": "PUBLIC",
"TITLE": "RFD Protection Bypass via jsessionid"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Spring Framework",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "4.3",
"version_value": "4.3.29"
},
{
"version_affected": "\u003c",
"version_name": "5.0",
"version_value": "5.0.19"
},
{
"version_affected": "\u003c",
"version_name": "5.1",
"version_value": "5.1.18"
},
{
"version_affected": "\u003c",
"version_name": "5.2",
"version_value": "5.2.9"
}
]
}
}
]
},
"vendor_name": "Spring by VMware"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Spring Framework versions 5.2.0 - 5.2.8, 5.1.0 - 5.1.17, 5.0.0 - 5.0.18, 4.3.0 - 4.3.28, and older unsupported versions, the protections against RFD attacks from CVE-2015-5211 may be bypassed depending on the browser used through the use of a jsessionid path parameter."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-020: Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://tanzu.vmware.com/security/cve-2020-5421",
"refsource": "CONFIRM",
"url": "https://tanzu.vmware.com/security/cve-2020-5421"
},
{
"name": "[ranger-dev] 20201007 Re: Review Request 72934: RANGER-3022: Upgrade Spring framework to version 4.3.29.RELEASE",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/re014a49d77f038ba70e5e9934d400af6653e8c9ac110d32b1254127e@%3Cdev.ranger.apache.org%3E"
},
{
"name": "[ambari-issues] 20201013 [jira] [Created] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1eccdbd7986618a7319ee7a533bd9d9bf6e8678e59dd4cca9b5b2d7a@%3Cissues.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko opened a new pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r9f13cccb214495e14648d2c9b8f2c6072fd5219e74502dd35ede81e1@%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-dev] 20201019 [GitHub] [ambari] dlysnichenko merged pull request #3246: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r8b496b1743d128e6861ee0ed3c3c48cc56c505b38f84fa5baf7ae33a@%3Cdev.ambari.apache.org%3E"
},
{
"name": "[ambari-commits] 20201019 [ambari] branch branch-2.7 updated: AMBARI-25571. Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421 (dlysnichenko) (#3246)",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r1c679c43fa4f7846d748a937955c7921436d1b315445978254442163@%3Ccommits.ambari.apache.org%3E"
},
{
"name": "[ambari-issues] 20201021 [jira] [Resolved] (AMBARI-25571) Vulnerable Spring components in Ambari - CVE-2020-5398, CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r5c95eff679dfc642e9e4ab5ac6d202248a59cb1e9457cfbe8b729ac5@%3Cissues.ambari.apache.org%3E"
},
{
"name": "[hive-dev] 20201022 [jira] [Created] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rf00d8f4101a1c1ea4de6ea1e09ddf7472cfd306745c90d6da87ae074@%3Cdev.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Assigned] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rc9efaf6db98bee19db1bc911d0fa442287dac5cb229d4aaa08b6a13d@%3Cissues.hive.apache.org%3E"
},
{
"name": "[hive-issues] 20201022 [jira] [Updated] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r7e6a213eea7f04fc6d9e3bd6eb8d68c4df92a22e956e95cb2c482865@%3Cissues.hive.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201022 [GitHub] [pulsar] Ghatage opened a new pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r503e64b43a57fd68229cac4a869d1a9a2eac9e75f8719cad3a840211@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201023 [GitHub] [pulsar] Ghatage commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r918caad55dcc640a16753b00d8d6acb90b4e36de4b6156d0867246ec@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201026 [GitHub] [pulsar] wolfstudy commented on pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r3589ed0d18edeb79028615080d5a0e8878856436bb91774a3196d9eb@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[pulsar-commits] 20201028 [GitHub] [pulsar] merlimat merged pull request #8355: [Issue 8354][pulsar-io] Upgrade spring framework version to patch CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb18ed999153ef0f0cb7af03efe0046c42c7242fd77fbd884a75ecfdc@%3Ccommits.pulsar.apache.org%3E"
},
{
"name": "[ignite-user] 20201117 Query on CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/raf7ca57033e537e4f9d7df7f192fa6968c1e49409b2348e08d807ccb@%3Cuser.ignite.apache.org%3E"
},
{
"name": "[ignite-user] 20201119 Re: Query on CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/ra889d95141059c6cbe77dd80249bb488ae53b274b5f3abad09d9511d@%3Cuser.ignite.apache.org%3E"
},
{
"name": "[hive-issues] 20210107 [jira] [Resolved] (HIVE-24303) Upgrade spring framework to 4.3.29.RELEASE+ due to CVE-2020-5421",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rd462a8b0dfab4c15e67c0672cd3c211ecd0e4f018f824082ed54f665@%3Cissues.hive.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://security.netapp.com/advisory/ntap-20210513-0009/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20210513-0009/"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
}
]
},
"source": {
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "862b2186-222f-48b9-af87-f1fb7bb26d03",
"assignerShortName": "pivotal",
"cveId": "CVE-2020-5421",
"datePublished": "2020-09-19T03:45:13.127845Z",
"dateReserved": "2020-01-03T00:00:00",
"dateUpdated": "2024-09-17T03:58:43.873Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10683 (GCVE-0-2020-10683)
Vulnerability from nvd – Published: 2020-05-01 18:55 – Updated: 2024-08-04 11:06
VLAI?
Summary
dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:06:11.156Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "openSUSE-SU-2020:0719",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"name": "USN-4575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/4575-1/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
},
{
"name": "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
},
{
"name": "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2020-04-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-25T16:13:36",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "openSUSE-SU-2020:0719",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"name": "USN-4575-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/4575-1/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
},
{
"name": "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8%40%3Cdev.velocity.apache.org%3E"
},
{
"name": "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32%40%3Cdev.velocity.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51%40%3Cnotifications.freemarker.apache.org%3E"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10683",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "dom4j before 2.0.3 and 2.1.x before 2.1.3 allows external DTDs and External Entities by default, which might enable XXE attacks. However, there is popular external documentation from OWASP showing how to enable the safe, non-default behavior in any application that uses dom4j."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "openSUSE-SU-2020:0719",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00061.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2020.html"
},
{
"name": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html",
"refsource": "MISC",
"url": "https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1694235"
},
{
"name": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3",
"refsource": "CONFIRM",
"url": "https://github.com/dom4j/dom4j/releases/tag/version-2.1.3"
},
{
"name": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658",
"refsource": "CONFIRM",
"url": "https://github.com/dom4j/dom4j/commit/a8228522a99a02146106672a34c104adbda5c658"
},
{
"name": "https://security.netapp.com/advisory/ntap-20200518-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20200518-0002/"
},
{
"name": "USN-4575-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/4575-1/"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2020.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2020.html"
},
{
"name": "https://github.com/dom4j/dom4j/issues/87",
"refsource": "MISC",
"url": "https://github.com/dom4j/dom4j/issues/87"
},
{
"name": "https://github.com/dom4j/dom4j/commits/version-2.0.3",
"refsource": "MISC",
"url": "https://github.com/dom4j/dom4j/commits/version-2.0.3"
},
{
"name": "[velocity-dev] 20201203 Use of external DTDs - CVE-2020-10683",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r51f3f9801058e47153c0ad9bc6209d57a592fc0e7aefd787760911b8@%3Cdev.velocity.apache.org%3E"
},
{
"name": "[velocity-dev] 20201203 Re: Use of external DTDs - CVE-2020-10683",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/r91c64cd51e68e97d524395474eaa25362d564572276b9917fcbf5c32@%3Cdev.velocity.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpuApr2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuApr2021.html"
},
{
"name": "https://www.oracle.com//security-alerts/cpujul2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"name": "[freemarker-notifications] 20210906 [jira] [Created] (FREEMARKER-190) The jar dom4j has known security issue that Freemarker compiles dependend on it",
"refsource": "MLIST",
"url": "https://lists.apache.org/thread.html/rb1b990d7920ae0d50da5109b73b92bab736d46c9788dd4b135cb1a51@%3Cnotifications.freemarker.apache.org%3E"
},
{
"name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujan2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10683",
"datePublished": "2020-05-01T18:55:25",
"dateReserved": "2020-03-20T00:00:00",
"dateUpdated": "2024-08-04T11:06:11.156Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}