cvelistv5 - CVE-2016-1181

CVE-2016-1181 (GCVE-0-2016-1181)

Vulnerability from cvelistv5 – Published: 2016-07-04 22:00 – Updated: 2024-08-05 22:48

Summary

ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.

Severity ?

No CVSS data available.

CWE

Assigner

jpcert

References

URL

GHSA-7JW3-5Q4W-89QG

Vulnerability from github – Published: 2022-05-13 01:25 – Updated: 2025-10-13 12:03

Summary

Improper Input Validation in Apache Struts

Details

Severity ?

8.1 (High)


                  
                    CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.apache.struts:struts-core"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.3.10"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "struts:struts"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "last_affected": "1.2.9"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2016-1181"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-07-06T20:02:51Z",
    "nvd_published_at": "2016-07-04T22:59:00Z",
    "severity": "HIGH"
  },
  "details": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.",
  "id": "GHSA-7jw3-5q4w-89qg",
  "modified": "2025-10-13T12:03:00Z",
  "published": "2022-05-13T01:25:20Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-1181"
    },
    {
      "type": "WEB",
      "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/apache/struts"
    },
    {
      "type": "WEB",
      "url": "https://security-tracker.debian.org/tracker/CVE-2016-1181"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20180629-0006"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "http://jvn.jp/en/jp/JVN03188560/index.html"
    },
    {
      "type": "WEB",
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Input Validation in Apache Struts"
}

JVNDB-2016-000096

Vulnerability from jvndb - Published: 2016-06-07 16:26 - Updated:2017-02-20 15:42

Severity ?

8.1 (High) - cvssV3_0 - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

Apache Struts 1 vulnerability that allows unintended remote operations against components on memory

Details

The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met: Condition 1: When the following ActionForm (including its subclasses) are in the session scope, and multiple threads that process the same session can access the same ActionForm instance * ActionForm (not including claesses that implement DynaBean interface, such as DynaActionForm and its subclasses) * ValidatingActionForm * ValidatorForm * ValidatorActionForm Condition 2: Can process multi-part requests (This condition applies whether or not the web application uses multi-part forms)

References

Type

URL

	JVN	https://jvn.jp/en/jp/JVN03188560/index.html
	JVN	http://jvn.jp/en/vu/JVNVU91417143/
	CVE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181
	NVD	https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1181
	Related document	https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8
	No Mapping(CWE-Other)	https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html

Impacted products

Vendor

Product

Apache Software Foundation

Apache Struts

Show details on JVN DB website

JSON

To clipboard

{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000096.html",
  "dc:date": "2017-02-20T15:42+09:00",
  "dcterms:issued": "2016-06-07T16:26+09:00",
  "dcterms:modified": "2017-02-20T15:42+09:00",
  "description": "The Apache Sturts 1 ActionForm contains a vulnerability which allows unintended remote operations against components on server memory, such as Servlets and ClassLoader, when the following 2 conditions are met:\r\n\r\nCondition 1:\r\nWhen the following ActionForm (including its subclasses) are in the session scope, and multiple threads that process the same session can access the same ActionForm instance\r\n* ActionForm (not including claesses that implement DynaBean interface, such as DynaActionForm and its subclasses)\r\n* ValidatingActionForm\r\n* ValidatorForm\r\n* ValidatorActionForm\r\n\r\nCondition 2:\r\nCan process multi-part requests\r\n(This condition applies whether or not the web application uses multi-part forms)",
  "link": "https://jvndb.jvn.jp/en/contents/2016/JVNDB-2016-000096.html",
  "sec:cpe": {
    "#text": "cpe:/a:apache:struts",
    "@product": "Apache Struts",
    "@vendor": "Apache Software Foundation",
    "@version": "2.2"
  },
  "sec:cvss": [
    {
      "@score": "6.8",
      "@severity": "Medium",
      "@type": "Base",
      "@vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
      "@version": "2.0"
    },
    {
      "@score": "8.1",
      "@severity": "High",
      "@type": "Base",
      "@vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
      "@version": "3.0"
    }
  ],
  "sec:identifier": "JVNDB-2016-000096",
  "sec:references": [
    {
      "#text": "https://jvn.jp/en/jp/JVN03188560/index.html",
      "@id": "JVN#03188560",
      "@source": "JVN"
    },
    {
      "#text": "http://jvn.jp/en/vu/JVNVU91417143/",
      "@id": "JVNVU#91417143",
      "@source": "JVN"
    },
    {
      "#text": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-1181",
      "@id": "CVE-2016-1181",
      "@source": "CVE"
    },
    {
      "#text": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1181",
      "@id": "CVE-2016-1181",
      "@source": "NVD"
    },
    {
      "#text": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
      "@id": "Fixed CVE-2016-1181 and CVE-2016-1182 ",
      "@source": "Related document"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-Other",
      "@title": "No Mapping(CWE-Other)"
    }
  ],
  "title": "Apache Struts 1 vulnerability that allows unintended remote operations against components on memory"
}

WID-SEC-W-2025-1212

Vulnerability from csaf_certbund - Published: 2019-04-16 22:00 - Updated: 2025-06-02 22:00

Summary

Oracle Communications Applications: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Mit der Unified Communications Suite bietet Oracle eine Messaging- und Collaboration-Plattform an. Oracle Communications Policy Management ist ein Produkt von Oracle und vereint mehrere Bereiche der Kommunikation. Oracle Communications Unified Inventory Management (UIM) ist eine offene, standardbasierte Anwendung, die eine Bestandsaufnahme von Kommunikationsdiensten und -ressourcen ermöglicht.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Mit der Unified Communications Suite bietet Oracle eine Messaging- und Collaboration-Plattform an.\r\nOracle Communications Policy Management ist ein Produkt von Oracle und vereint mehrere Bereiche der Kommunikation.\r\nOracle Communications Unified Inventory Management (UIM) ist eine offene, standardbasierte Anwendung, die eine Bestandsaufnahme von Kommunikationsdiensten und -ressourcen erm\u00f6glicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1212 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2025-1212.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1212 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1212"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2019 vom 2019-04-16",
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixCGBU"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4218-1 vom 2019-12-11",
        "url": "https://usn.ubuntu.com/4218-1/"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX25-012 vom 2025-06-02",
        "url": "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-03T09:23:36.426+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1212",
      "initial_release_date": "2019-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-04-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Schreibfehler korrigiert"
        },
        {
          "date": "2019-12-10T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-06-02T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von XEROX aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10",
                "product": {
                  "name": "Oracle Communications EAGLE LNP Application Processor 10.0",
                  "product_id": "T014014",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_eagle_lnp_application_processor:10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.1",
                "product": {
                  "name": "Oracle Communications EAGLE LNP Application Processor 10.1",
                  "product_id": "T014015",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_eagle_lnp_application_processor:10.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.2",
                "product": {
                  "name": "Oracle Communications EAGLE LNP Application Processor 10.2",
                  "product_id": "T014016",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_eagle_lnp_application_processor:10.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications EAGLE LNP Application Processor"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "13.1",
                "product": {
                  "name": "Oracle Communications LSMS 13.1",
                  "product_id": "T006217",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_lsms:13.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "13.2",
                "product": {
                  "name": "Oracle Communications LSMS 13.2",
                  "product_id": "T014017",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_lsms:13.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "13.3",
                "product": {
                  "name": "Oracle Communications LSMS 13.3",
                  "product_id": "T014018",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_lsms:13.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications LSMS"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.1",
                "product": {
                  "name": "Oracle Communications Messaging Server 8.1",
                  "product_id": "T014019",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_messaging_server:8.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Oracle Communications Messaging Server 8.0",
                  "product_id": "T014020",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_messaging_server:8.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Messaging Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.2",
                "product": {
                  "name": "Oracle Communications Policy Management 12.2",
                  "product_id": "T009732",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_policy_management:12.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.1",
                "product": {
                  "name": "Oracle Communications Policy Management 12.1",
                  "product_id": "T014021",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_policy_management:12.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.3",
                "product": {
                  "name": "Oracle Communications Policy Management 12.3",
                  "product_id": "T014022",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_policy_management:12.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.4",
                "product": {
                  "name": "Oracle Communications Policy Management 12.4",
                  "product_id": "T014023",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_policy_management:12.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Policy Management"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6",
                "product": {
                  "name": "Oracle Communications Service Broker 6.0",
                  "product_id": "329193",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_service_broker:6.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Service Broker"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.2.0",
                "product": {
                  "name": "Oracle Communications Session Border Controller 8.2.0",
                  "product_id": "T014024",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_session_border_controller:8.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.0",
                "product": {
                  "name": "Oracle Communications Session Border Controller 8.1.0",
                  "product_id": "T014025",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_session_border_controller:8.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0",
                "product": {
                  "name": "Oracle Communications Session Border Controller 8.0.0",
                  "product_id": "T014026",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_session_border_controller:8.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Session Border Controller"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.1.0",
                "product": {
                  "name": "Oracle Enterprise Communications Broker 3.1.0",
                  "product_id": "T014030",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:enterprise_communications_broker:3.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.0.0",
                "product": {
                  "name": "Oracle Enterprise Communications Broker 3.0.0",
                  "product_id": "T014031",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:enterprise_communications_broker:3.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Communications Broker"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Xerox FreeFlow Print Server 9",
                  "product_id": "T002977",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.4.0",
                "product": {
                  "name": "Oracle Communications Unified Inventory Management 7.4.0",
                  "product_id": "T013407",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_unified_inventory_management:7.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.5",
                "product": {
                  "name": "Oracle Communications Unified Inventory Management 7.3.5",
                  "product_id": "T014027",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_unified_inventory_management:7.3.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.2",
                "product": {
                  "name": "Oracle Communications Unified Inventory Management 7.3.2",
                  "product_id": "T014028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_unified_inventory_management:7.3.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.4",
                "product": {
                  "name": "Oracle Communications Unified Inventory Management 7.3.4",
                  "product_id": "T014029",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_unified_inventory_management:7.3.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "communications_unified_inventory_management"
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-9251",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2015-9251"
    },
    {
      "cve": "CVE-2016-1000031",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-1000031"
    },
    {
      "cve": "CVE-2016-1181",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-1181"
    },
    {
      "cve": "CVE-2016-1182",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-1182"
    },
    {
      "cve": "CVE-2016-7055",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-7055"
    },
    {
      "cve": "CVE-2016-8735",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-8735"
    },
    {
      "cve": "CVE-2017-0861",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-0861"
    },
    {
      "cve": "CVE-2017-12617",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-12617"
    },
    {
      "cve": "CVE-2017-15265",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-15265"
    },
    {
      "cve": "CVE-2017-3730",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3730"
    },
    {
      "cve": "CVE-2017-3731",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3731"
    },
    {
      "cve": "CVE-2017-3732",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3732"
    },
    {
      "cve": "CVE-2017-3733",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3733"
    },
    {
      "cve": "CVE-2017-3735",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3735"
    },
    {
      "cve": "CVE-2017-3736",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3736"
    },
    {
      "cve": "CVE-2017-3738",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3738"
    },
    {
      "cve": "CVE-2017-5645",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-5645"
    },
    {
      "cve": "CVE-2017-5664",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-5664"
    },
    {
      "cve": "CVE-2017-5753",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-5753"
    },
    {
      "cve": "CVE-2017-5754",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-5754"
    },
    {
      "cve": "CVE-2017-7525",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-7525"
    },
    {
      "cve": "CVE-2018-0732",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0732"
    },
    {
      "cve": "CVE-2018-0733",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0733"
    },
    {
      "cve": "CVE-2018-0734",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0734"
    },
    {
      "cve": "CVE-2018-0737",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0737"
    },
    {
      "cve": "CVE-2018-0739",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0739"
    },
    {
      "cve": "CVE-2018-1000004",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1000004"
    },
    {
      "cve": "CVE-2018-1000180",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1000180"
    },
    {
      "cve": "CVE-2018-1000613",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1000613"
    },
    {
      "cve": "CVE-2018-10901",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-10901"
    },
    {
      "cve": "CVE-2018-11039",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11039"
    },
    {
      "cve": "CVE-2018-11040",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11040"
    },
    {
      "cve": "CVE-2018-11218",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11218"
    },
    {
      "cve": "CVE-2018-11219",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11219"
    },
    {
      "cve": "CVE-2018-11236",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11236"
    },
    {
      "cve": "CVE-2018-11237",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11237"
    },
    {
      "cve": "CVE-2018-11784",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11784"
    },
    {
      "cve": "CVE-2018-12384",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-12384"
    },
    {
      "cve": "CVE-2018-12404",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-12404"
    },
    {
      "cve": "CVE-2018-1257",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1257"
    },
    {
      "cve": "CVE-2018-1258",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1258"
    },
    {
      "cve": "CVE-2018-16864",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-16864"
    },
    {
      "cve": "CVE-2018-16865",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-16865"
    },
    {
      "cve": "CVE-2018-16890",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-16890"
    },
    {
      "cve": "CVE-2018-3620",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-3620"
    },
    {
      "cve": "CVE-2018-3646",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-3646"
    },
    {
      "cve": "CVE-2018-3693",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-3693"
    },
    {
      "cve": "CVE-2018-6485",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-6485"
    },
    {
      "cve": "CVE-2018-7489",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-7489"
    },
    {
      "cve": "CVE-2018-7566",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-7566"
    },
    {
      "cve": "CVE-2019-3822",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-3822"
    },
    {
      "cve": "CVE-2019-3823",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-3823"
    }
  ]
}

WID-SEC-W-2024-1277

Vulnerability from csaf_certbund - Published: 2017-04-18 22:00 - Updated: 2024-11-11 23:00

Summary

Oracle Fusion Middleware: Mehrere Schwachstellen

Notes

Produktbeschreibung

Oracle Fusion Middleware bündelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.

Angriff

Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "kritisch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Oracle Fusion Middleware b\u00fcndelt mehrere Produkte zur Erstellung, Betrieb und Management von intelligenten Business Anwendungen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Oracle Fusion Middleware ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1277 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-1277.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1277 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1277"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2017 - Oracle Fusion Middleware vom 2017-04-18",
        "url": "http://www.oracle.com/technetwork/security-advisory/cpuapr2017-3236618.html#AppendixFMW"
      },
      {
        "category": "external",
        "summary": "CISA Known Exploited Vulnerabilities Catalog vom 2024-06-03",
        "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Fusion Middleware: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-11T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-12T10:06:32.931+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-1277",
      "initial_release_date": "2017-04-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2017-04-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initial Release"
        },
        {
          "date": "2017-04-18T22:00:00.000+00:00",
          "number": "2",
          "summary": "n"
        },
        {
          "date": "2017-04-18T22:00:00.000+00:00",
          "number": "3",
          "summary": "Version nicht vorhanden"
        },
        {
          "date": "2024-06-03T22:00:00.000+00:00",
          "number": "4",
          "summary": "Aktive Ausnutzung gemeldet"
        },
        {
          "date": "2024-11-11T23:00:00.000+00:00",
          "number": "5",
          "summary": "Korrektur"
        }
      ],
      "status": "final",
      "version": "5"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Fusion Middleware",
            "product": {
              "name": "Oracle Fusion Middleware",
              "product_id": "T006198",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:fusion_middleware:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Oracle WebCenter Sites",
            "product": {
              "name": "Oracle WebCenter Sites",
              "product_id": "T009734",
              "product_identification_helper": {
                "cpe": "cpe:/a:oracle:webcenter_sites:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-1007",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2012-1007"
    },
    {
      "cve": "CVE-2014-0114",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2014-0114"
    },
    {
      "cve": "CVE-2015-5351",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2015-5351"
    },
    {
      "cve": "CVE-2015-7501",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2015-7501"
    },
    {
      "cve": "CVE-2016-0706",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-0706"
    },
    {
      "cve": "CVE-2016-0714",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-0714"
    },
    {
      "cve": "CVE-2016-0763",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-0763"
    },
    {
      "cve": "CVE-2016-1181",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-1181"
    },
    {
      "cve": "CVE-2016-1182",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-1182"
    },
    {
      "cve": "CVE-2016-2177",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-2177"
    },
    {
      "cve": "CVE-2016-2178",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-2178"
    },
    {
      "cve": "CVE-2016-2179",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-2179"
    },
    {
      "cve": "CVE-2016-2180",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-2180"
    },
    {
      "cve": "CVE-2016-2181",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-2181"
    },
    {
      "cve": "CVE-2016-2182",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-2182"
    },
    {
      "cve": "CVE-2016-2183",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-2183"
    },
    {
      "cve": "CVE-2016-6302",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-6302"
    },
    {
      "cve": "CVE-2016-6303",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-6303"
    },
    {
      "cve": "CVE-2016-6304",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-6304"
    },
    {
      "cve": "CVE-2016-6305",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-6305"
    },
    {
      "cve": "CVE-2016-6306",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-6306"
    },
    {
      "cve": "CVE-2016-6307",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-6307"
    },
    {
      "cve": "CVE-2016-6308",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-6308"
    },
    {
      "cve": "CVE-2016-6309",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-6309"
    },
    {
      "cve": "CVE-2016-7052",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2016-7052"
    },
    {
      "cve": "CVE-2017-3230",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3230"
    },
    {
      "cve": "CVE-2017-3499",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3499"
    },
    {
      "cve": "CVE-2017-3506",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3506"
    },
    {
      "cve": "CVE-2017-3507",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3507"
    },
    {
      "cve": "CVE-2017-3531",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3531"
    },
    {
      "cve": "CVE-2017-3540",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3540"
    },
    {
      "cve": "CVE-2017-3541",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3541"
    },
    {
      "cve": "CVE-2017-3542",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3542"
    },
    {
      "cve": "CVE-2017-3543",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3543"
    },
    {
      "cve": "CVE-2017-3545",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3545"
    },
    {
      "cve": "CVE-2017-3553",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3553"
    },
    {
      "cve": "CVE-2017-3554",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3554"
    },
    {
      "cve": "CVE-2017-3591",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3591"
    },
    {
      "cve": "CVE-2017-3593",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3593"
    },
    {
      "cve": "CVE-2017-3594",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3594"
    },
    {
      "cve": "CVE-2017-3595",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3595"
    },
    {
      "cve": "CVE-2017-3596",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3596"
    },
    {
      "cve": "CVE-2017-3597",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3597"
    },
    {
      "cve": "CVE-2017-3598",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3598"
    },
    {
      "cve": "CVE-2017-3601",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3601"
    },
    {
      "cve": "CVE-2017-3602",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3602"
    },
    {
      "cve": "CVE-2017-3603",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3603"
    },
    {
      "cve": "CVE-2017-3625",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3625"
    },
    {
      "cve": "CVE-2017-3626",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-3626"
    },
    {
      "cve": "CVE-2017-5638",
      "notes": [
        {
          "category": "description",
          "text": "In Oracle Fusion Middleware existieren mehrere nicht n\u00e4her beschriebene Schwachstellen. Durch Ausnutzung dieser Schwachstellen kann ein Angreifer die Vertraulichkeit, Integrit\u00e4t und Verf\u00fcgbarkeit gef\u00e4hrden. F\u00fcr die Ausnutzung einiger dieser Schwachstellen ist keine Authentifizierung notwendig. Oracle ver\u00f6ffentlicht keine weiteren Details zu diesen Schwachstellen (au\u00dfer der Information in der Risiko Matrix im Oracle Advisory zum Critical Patch Update, siehe Link unten in diesem Advisory). Aufgrund der knappen Informationslage erfolgt die Bewertung der Schadensh\u00f6he ausschlie\u00dflich auf Basis der CVSS Impact Matrix. Der Maximalwert f\u00fcr diese Produkte ist \"High\" f\u00fcr \"Integrity\", \"Confidentiality\" und \"Availability\" und bewirkt damit eine \"hohe\" Schadensh\u00f6he."
        }
      ],
      "product_status": {
        "known_affected": [
          "T009734",
          "T006198"
        ]
      },
      "release_date": "2017-04-18T22:00:00.000+00:00",
      "title": "CVE-2017-5638"
    }
  ]
}

GSD-2016-1181

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2016-1181

Aliases

CVE-2016-1181

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2016-1181",
    "description": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.",
    "id": "GSD-2016-1181",
    "references": [
      "https://www.suse.com/security/cve/CVE-2016-1181.html",
      "https://advisories.mageia.org/CVE-2016-1181.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2016-1181"
      ],
      "details": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.",
      "id": "GSD-2016-1181",
      "modified": "2023-12-13T01:21:24.077935Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "vultures@jpcert.or.jp",
        "ID": "CVE-2016-1181",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "JVNDB-2016-000096",
            "refsource": "JVNDB",
            "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096"
          },
          {
            "name": "91068",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/91068"
          },
          {
            "name": "1036056",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1036056"
          },
          {
            "name": "JVN#03188560",
            "refsource": "JVN",
            "url": "http://jvn.jp/en/jp/JVN03188560/index.html"
          },
          {
            "name": "91787",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/91787"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "refsource": "CONFIRM",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20180629-0006/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
          },
          {
            "name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
            "refsource": "CONFIRM",
            "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
          },
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538",
            "refsource": "CONFIRM",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
          },
          {
            "name": "https://security-tracker.debian.org/tracker/CVE-2016-1181",
            "refsource": "CONFIRM",
            "url": "https://security-tracker.debian.org/tracker/CVE-2016-1181"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,1.3.10]",
          "affected_versions": "All versions up to 1.3.10",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-78",
            "CWE-937"
          ],
          "date": "2022-07-06",
          "description": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.",
          "fixed_versions": [],
          "identifier": "CVE-2016-1181",
          "identifiers": [
            "GHSA-7jw3-5q4w-89qg",
            "CVE-2016-1181"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.apache.struts/struts-core",
          "pubdate": "2022-05-13",
          "solution": "Unfortunately, there is no solution available yet.",
          "title": "Improper Neutralization of Special Elements used in an OS Command (\u0027OS Command Injection\u0027)",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-1181",
            "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1343538",
            "https://security-tracker.debian.org/tracker/CVE-2016-1181",
            "https://security.netapp.com/advisory/ntap-20180629-0006/",
            "https://www.oracle.com/security-alerts/cpujan2020.html",
            "https://www.oracle.com/security-alerts/cpujul2020.html",
            "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "http://jvn.jp/en/jp/JVN03188560/index.html",
            "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096",
            "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
            "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
            "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
            "https://github.com/advisories/GHSA-7jw3-5q4w-89qg"
          ],
          "uuid": "1712e241-733e-42c6-8e32-aa8622b9786a"
        },
        {
          "affected_range": "[1.0.2],[1.1,1.2.9],[1.3.5,1.3.10]",
          "affected_versions": "All versions starting from 1.0 up to 1.0.2, all versions starting from 1.1 up to 1.2.9, all versions starting from 1.3.5 up to 1.3.10",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2019-04-23",
          "description": "`ActionServlet.java` in Apache Struts mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899.",
          "fixed_versions": [],
          "identifier": "CVE-2016-1181",
          "identifiers": [
            "CVE-2016-1181"
          ],
          "not_impacted": "",
          "package_slug": "maven/struts/struts",
          "pubdate": "2016-07-04",
          "solution": "Unfortunately, there is no solution at the moment.",
          "title": "Uncontrolled Resource Consumption",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2016-1181",
            "http://jvn.jp/en/jp/JVN03188560/index.html",
            "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096",
            "http://www.securityfocus.com/bid/91068",
            "http://www.securityfocus.com/bid/91787",
            "http://www.securitytracker.com/id/1036056",
            "https://bugzilla.redhat.com/show_bug.cgi?id=1343538",
            "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
          ],
          "uuid": "3de7992e-ae7d-4a3d-8eaf-f6628670a6c1"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:portal:11.1.1.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:b1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:b2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.0:beta2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.0:beta3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:b3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.1:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:apache:struts:1.2.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "vultures@jpcert.or.jp",
          "ID": "CVE-2016-1181"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking",
                "Patch"
              ],
              "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538",
              "refsource": "CONFIRM",
              "tags": [
                "Issue Tracking"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
            },
            {
              "name": "JVN#03188560",
              "refsource": "JVN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://jvn.jp/en/jp/JVN03188560/index.html"
            },
            {
              "name": "JVNDB-2016-000096",
              "refsource": "JVNDB",
              "tags": [
                "Third Party Advisory",
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096"
            },
            {
              "name": "https://security-tracker.debian.org/tracker/CVE-2016-1181",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security-tracker.debian.org/tracker/CVE-2016-1181"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
            },
            {
              "name": "91787",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/91787"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
            },
            {
              "name": "91068",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/91068"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
            },
            {
              "name": "1036056",
              "refsource": "SECTRACK",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securitytracker.com/id/1036056"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
            },
            {
              "name": "https://security.netapp.com/advisory/ntap-20180629-0006/",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "tags": [],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.8,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-07-15T03:15Z",
      "publishedDate": "2016-07-04T22:59Z"
    }
  }
}

CNVD-2016-03936

Vulnerability from cnvd - Published: 2016-06-13

Title

Apache Struts 1存在多个漏洞

Description

Apache Struts是一个开源项目，是一套用于创建企业级Java Web应用的开源MVC框架，主要提供两个版本框架产品，Struts 1和Struts 2。 Apache Struts存在信息泄露和拒绝服务漏洞，远程攻击者可利用该漏洞获取敏感信息，或进行拒绝服务攻击。

Severity

中

Patch Name

Apache Struts 1存在多个漏洞的补丁

Patch Description

Formal description

用户可参考如下厂商提供的安全补丁以修复该漏洞： https://struts.apache.org/struts1eol-announcement.html

Reference

http://jvn.jp/en/jp/JVN03188560/index.html

Impacted products

Name
Apache struts >=1.0，<=1.3.10

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2016-1181"
    }
  },
  "description": "Apache Struts\u662f\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u662f\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u7ea7Java Web\u5e94\u7528\u7684\u5f00\u6e90MVC\u6846\u67b6\uff0c\u4e3b\u8981\u63d0\u4f9b\u4e24\u4e2a\u7248\u672c\u6846\u67b6\u4ea7\u54c1\uff0cStruts 1\u548cStruts 2\u3002\r\n\r\nApache Struts\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u548c\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u6216\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "discovererName": "JVN iPedia",
  "formalWay": "\u7528\u6237\u53ef\u53c2\u8003\u5982\u4e0b\u5382\u5546\u63d0\u4f9b\u7684\u5b89\u5168\u8865\u4e01\u4ee5\u4fee\u590d\u8be5\u6f0f\u6d1e\uff1a\r\nhttps://struts.apache.org/struts1eol-announcement.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-03936",
  "openTime": "2016-06-13",
  "patchDescription": "Apache Struts\u662f\u4e00\u4e2a\u5f00\u6e90\u9879\u76ee\uff0c\u662f\u4e00\u5957\u7528\u4e8e\u521b\u5efa\u4f01\u4e1a\u7ea7Java Web\u5e94\u7528\u7684\u5f00\u6e90MVC\u6846\u67b6\uff0c\u4e3b\u8981\u63d0\u4f9b\u4e24\u4e2a\u7248\u672c\u6846\u67b6\u4ea7\u54c1\uff0cStruts 1\u548cStruts 2\u3002\r\n\r\nApache Struts\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u548c\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u6216\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\u3002",
  "patchName": "Apache Struts 1\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apache struts \u003e=1.0\uff0c\u003c=1.3.10"
  },
  "referenceLink": "http://jvn.jp/en/jp/JVN03188560/index.html",
  "serverity": "\u4e2d",
  "submitTime": "2016-06-10",
  "title": "Apache Struts 1\u5b58\u5728\u591a\u4e2a\u6f0f\u6d1e"
}

FKIE_CVE-2016-1181

Vulnerability from fkie_nvd - Published: 2016-07-04 22:59 - Updated: 2025-04-12 10:46

Severity ?

8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
vultures@jpcert.or.jp	http://jvn.jp/en/jp/JVN03188560/index.html	Vendor Advisory
vultures@jpcert.or.jp	http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096	Third Party Advisory, VDB Entry, Vendor Advisory
vultures@jpcert.or.jp	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch
vultures@jpcert.or.jp	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Patch, Third Party Advisory
vultures@jpcert.or.jp	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch
vultures@jpcert.or.jp	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch
vultures@jpcert.or.jp	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Patch, Third Party Advisory
vultures@jpcert.or.jp	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch
vultures@jpcert.or.jp	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch
vultures@jpcert.or.jp	http://www.securityfocus.com/bid/91068	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.securityfocus.com/bid/91787	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	http://www.securitytracker.com/id/1036056	Third Party Advisory, VDB Entry
vultures@jpcert.or.jp	https://bugzilla.redhat.com/show_bug.cgi?id=1343538	Issue Tracking
vultures@jpcert.or.jp	https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8	Issue Tracking, Patch
vultures@jpcert.or.jp	https://security-tracker.debian.org/tracker/CVE-2016-1181	Third Party Advisory
vultures@jpcert.or.jp	https://security.netapp.com/advisory/ntap-20180629-0006/	Third Party Advisory
vultures@jpcert.or.jp	https://www.oracle.com/security-alerts/cpujan2020.html
vultures@jpcert.or.jp	https://www.oracle.com/security-alerts/cpujul2020.html
vultures@jpcert.or.jp	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
vultures@jpcert.or.jp	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch
vultures@jpcert.or.jp	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html
af854a3a-2127-422b-91ae-364da2661108	http://jvn.jp/en/jp/JVN03188560/index.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096	Third Party Advisory, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91068	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/91787	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1036056	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1343538	Issue Tracking
af854a3a-2127-422b-91ae-364da2661108	https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8	Issue Tracking, Patch
af854a3a-2127-422b-91ae-364da2661108	https://security-tracker.debian.org/tracker/CVE-2016-1181	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.netapp.com/advisory/ntap-20180629-0006/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html

Impacted products

Vendor	Product	Version
oracle	banking_platform	2.3.0
oracle	banking_platform	2.4.0
oracle	banking_platform	2.4.1
oracle	banking_platform	2.5.0
oracle	portal	11.1.1.6
apache	struts	1.0
apache	struts	1.0
apache	struts	1.0
apache	struts	1.0
apache	struts	1.0.1
apache	struts	1.0.2
apache	struts	1.1
apache	struts	1.1
apache	struts	1.1
apache	struts	1.1
apache	struts	1.1
apache	struts	1.1
apache	struts	1.2.0
apache	struts	1.2.1
apache	struts	1.2.2
apache	struts	1.2.3
apache	struts	1.2.4
apache	struts	1.2.5
apache	struts	1.2.6
apache	struts	1.2.7
apache	struts	1.2.8
apache	struts	1.2.9
apache	struts	1.3.5
apache	struts	1.3.6
apache	struts	1.3.7
apache	struts	1.3.8
apache	struts	1.3.9
apache	struts	1.3.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "653CDB2C-E0B6-4BEF-A725-3C74BFC2BA0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2BEE49E-A5AA-42D3-B422-460454505480",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4FF66F7-10C8-4A1C-910A-EF7D12A4284C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:banking_platform:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "35AD0C07-9688-4397-8D45-FBB88C0F0C11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:portal:11.1.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "DE543F18-45AE-4C8B-A953-0CC7C0F10461",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:apache:struts:1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A5051228-446E-461D-9B5F-8F765C7BA57F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "32FFABC1-74F8-414A-BCC7-7CDC7EB078F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.0:beta2:*:*:*:*:*:*",
              "matchCriteriaId": "1239ED60-1581-4FFB-A5FB-4FB898C1EBDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.0:beta3:*:*:*:*:*:*",
              "matchCriteriaId": "08266BA4-A365-4187-AC98-230E040B3B8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "709E6CEB-461C-4C6C-A3E9-CC37E3AE9E58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE1B8A83-43A4-4C4F-BB95-4D9CAD882D1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A55DDFE1-A8AB-47BB-903E-957FCF3D023D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.1:b1:*:*:*:*:*:*",
              "matchCriteriaId": "93FA9AE3-B453-4FE6-82A9-7DDEF3F6C464",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.1:b2:*:*:*:*:*:*",
              "matchCriteriaId": "A3BB6FBE-469B-4920-A30B-33AD9E41ACCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.1:b3:*:*:*:*:*:*",
              "matchCriteriaId": "34FC82D3-CCAF-4F37-B531-2A9CA17311A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.1:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E0B8B413-8C62-44B6-A382-26F35F4573D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.1:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "6309C679-890A-4214-8857-9F119CBBAA00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "241A8B39-643B-4371-B629-1636F24DDC97",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EE7EF4C-CD6F-4B74-89E3-321706B733FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD882860-03D0-49E9-8CED-DE6663392548",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "95087298-38D2-4ED6-9D99-494AE90F6DE2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDDD509E-9EBF-483F-9546-A1A3A1A3380E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "15BD4B0B-31A2-4DA3-814A-5C959D1BC64A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2ECF5E1-457F-4E76-81F7-65114DC4E1E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2FC81E1A-2779-4FAF-866C-970752CD1828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBD69FAE-C1A3-4213-824A-7DCCE357EB01",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.2.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C34FDB0-2778-4C36-8345-F7E27509A383",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF0302D3-CB8D-4FA7-8F07-C2C7593877BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8FC3685E-CC47-479D-A418-065ADB38EDD5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "805A4E32-2447-49BB-8631-E41DAA221E10",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "03906D34-F3B3-4C56-A6A6-2F7A10168501",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "91CBFC67-BDD8-4579-843A-F93A2661B032",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:apache:struts:1.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B3872B7-2972-433D-96A1-154FA545B311",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "ActionServlet.java in Apache Struts 1 1.x through 1.3.10 mishandles multithreaded access to an ActionForm instance, which allows remote attackers to execute arbitrary code or cause a denial of service (unexpected memory access) via a multipart request, a related issue to CVE-2015-0899."
    },
    {
      "lang": "es",
      "value": "ActionServlet.java en Apache Struts 1 1.x hasta la versi\u00f3n 1.3.10 no maneja adecuadamente accesos multihilo para una instancia ActionForm, lo que permite a atacantes remotos ejecutar c\u00f3digo arbitrario o provocar una denegaci\u00f3n de servicio (acceso inesperado a memoria) a trav\u00e9s de una solicitud multiparte, un problema relacionado con CVE-2015-0899."
    }
  ],
  "id": "CVE-2016-1181",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.1,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.0"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-07-04T22:59:01.617",
  "references": [
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN03188560/index.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91068"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91787"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036056"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2016-1181"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "tags": [
        "Patch"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "vultures@jpcert.or.jp",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://jvn.jp/en/jp/JVN03188560/index.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://jvndb.jvn.jp/jvndb/JVNDB-2016-000096"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2016-2881722.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91068"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/91787"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1036056"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1343538"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch"
      ],
      "url": "https://github.com/kawasima/struts1-forever/commit/eda3a79907ed8fcb0387a0496d0cb14332f250e8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security-tracker.debian.org/tracker/CVE-2016-1181"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://security.netapp.com/advisory/ntap-20180629-0006/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "vultures@jpcert.or.jp",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ICSMA-20-184-01

Vulnerability from csaf_cisa - Published: 2020-07-02 00:00 - Updated: 2021-06-15 00:00

Summary

OpenClinic GA (Update B)

Notes

CISA Disclaimer

This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov

Legal Notice

All information products included in https://us-cert.cisa.gov/ics are provided "as is" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.

Risk evaluation

Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, discover restricted information, view/manipulate restricted database information, and/or execute malicious code.

Critical infrastructure sectors

Healthcare and Public Health

Countries/areas deployed

Worldwide

Company headquarters location

Open-source

Recommended Practices

CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:

Recommended Practices

CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures. CISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.

Recommended Practices

Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies. Organizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.

Recommended Practices

CISA also recommends users take the following measures to protect themselves from social engineering attacks:

JSON

To clipboard

{
  "document": {
    "acknowledgments": [
      {
        "names": [
          "Brian D. Hysell"
        ],
        "summary": "reporting these vulnerabilities to CISA"
      }
    ],
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Disclosure is not limited",
      "tlp": {
        "label": "WHITE",
        "url": "https://us-cert.cisa.gov/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "This CSAF advisory was extracted from unstructured data and may contain inaccuracies. If you notice any errors, please reach out to the designated contact at CISA CSAF: central@cisa.dhs.gov",
        "title": "CISA Disclaimer"
      },
      {
        "category": "legal_disclaimer",
        "text": "All information products included in https://us-cert.cisa.gov/ics are provided \"as is\" for informational purposes only. The Department of Homeland Security (DHS) does not provide any warranties of any kind regarding any information contained within. DHS does not endorse any commercial product or service, referenced in this product or otherwise. Further dissemination of this product is governed by the Traffic Light Protocol (TLP) marking in the header. For more information about TLP, see https://us-cert.cisa.gov/tlp/.",
        "title": "Legal Notice"
      },
      {
        "category": "summary",
        "text": "Successful exploitation of these vulnerabilities could allow an attacker to bypass authentication, discover restricted information, view/manipulate restricted database information, and/or execute malicious code.",
        "title": "Risk evaluation"
      },
      {
        "category": "other",
        "text": "Healthcare and Public Health",
        "title": "Critical infrastructure sectors"
      },
      {
        "category": "other",
        "text": "Worldwide",
        "title": "Countries/areas deployed"
      },
      {
        "category": "other",
        "text": "Open-source",
        "title": "Company headquarters location"
      },
      {
        "category": "general",
        "text": "CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities. Specifically, users should:",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA reminds organizations to perform proper impact analysis and risk assessment prior to deploying defensive measures.\nCISA also provides a section for control systems security recommended practices on the ICS webpage onus-cert.cisa.gov. Several recommended practices are available for reading and download, including Improving Industrial Control Systems Cybersecurity with Defense-in-Depth Strategies.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "Additional mitigation guidance and recommended practices are publicly available on the ICS webpage on us-cert.cisa.gov in the Technical Information Paper, ICS-TIP-12-146-01B--Targeted Cyber Intrusion Detection and Mitigation Strategies.\nOrganizations observing any suspected malicious activity should follow their established internal procedures and report their findings to CISA for tracking and correlation against other incidents.",
        "title": "Recommended Practices"
      },
      {
        "category": "general",
        "text": "CISA also recommends users take the following measures to protect themselves from social engineering attacks:",
        "title": "Recommended Practices"
      }
    ],
    "publisher": {
      "category": "coordinator",
      "contact_details": "Email: CISAservicedesk@cisa.dhs.gov;\n Toll Free: 1-888-282-0870",
      "name": "CISA",
      "namespace": "https://www.cisa.gov/"
    },
    "references": [
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-20-184-01 JSON",
        "url": "https://raw.githubusercontent.com/cisagov/CSAF/develop/csaf_files/OT/white/2020/icsma-20-184-01.json"
      },
      {
        "category": "self",
        "summary": "ICS Advisory ICSMA-20-184-01 Web Version",
        "url": "https://www.cisa.gov/news-events/ics-medical-advisories/icsma-20-184-01"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ncas/tips/ST04-014"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/sites/default/files/recommended_practices/NCCIC_ICS-CERT_Defense_in_Depth_2016_S508C.pdf"
      },
      {
        "category": "external",
        "summary": "Recommended Practices",
        "url": "https://us-cert.cisa.gov/ics/tips/ICS-TIP-12-146-01B"
      }
    ],
    "title": "OpenClinic GA (Update B)",
    "tracking": {
      "current_release_date": "2021-06-15T00:00:00.000000Z",
      "generator": {
        "engine": {
          "name": "CISA CSAF Generator",
          "version": "1.0.0"
        }
      },
      "id": "ICSMA-20-184-01",
      "initial_release_date": "2020-07-02T00:00:00.000000Z",
      "revision_history": [
        {
          "date": "2020-07-02T00:00:00.000000Z",
          "legacy_version": "Initial",
          "number": "1",
          "summary": "ICSMA-20-184-01 OpenClinic GA"
        },
        {
          "date": "2020-08-27T00:00:00.000000Z",
          "legacy_version": "A",
          "number": "2",
          "summary": "ICSMA-20-184-01 OpenClinic GA (Update A)"
        },
        {
          "date": "2021-06-15T00:00:00.000000Z",
          "legacy_version": "B",
          "number": "3",
          "summary": "ICSMA-20-184-01 OpenClinic GA (Update B)"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.09.02",
                "product": {
                  "name": "OpenClinic GA: Version 5.09.02",
                  "product_id": "CSAFPID-0001"
                }
              }
            ],
            "category": "product_name",
            "name": "OpenClinic GA"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "5.89.05b",
                "product": {
                  "name": "OpenClinic GA: Version 5.89.05b",
                  "product_id": "CSAFPID-0002"
                }
              }
            ],
            "category": "product_name",
            "name": "OpenClinic GA"
          }
        ],
        "category": "vendor",
        "name": "OpenClinic GA"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-14485",
      "cwe": {
        "id": "CWE-288",
        "name": "Authentication Bypass Using an Alternate Path or Channel"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker may bypass client-side access controls or use a crafted request to initiate a session with limited functionality, which may allow execution of admin functions such as SQL queries.CVE-2020-14485 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14485"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-14484",
      "cwe": {
        "id": "CWE-307",
        "name": "Improper Restriction of Excessive Authentication Attempts"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker can bypass the system \u0027s account lockout protection, which may allow brute force password attacks.CVE-2020-14484 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14484"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-14494",
      "cwe": {
        "id": "CWE-287",
        "name": "Improper Authentication"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An authentication mechanism within the system does not contain sufficient complexity to protect against brute force attacks, which may allow unauthorized users to access the system after no more than a fixed maximum number of attempts.CVE-2020-14494 has been assigned to this vulnerability. A CVSS v3 base score of 7.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14494"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-14491",
      "cwe": {
        "id": "CWE-862",
        "name": "Missing Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The system does not properly check permissions before executing SQL queries, which may allow a low-privilege user to access privileged information.CVE-2020-14491 has been assigned to this vulnerability. A CVSS v3 base score of 8.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14491"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.3,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-14488",
      "cwe": {
        "id": "CWE-250",
        "name": "Execution with Unnecessary Privileges"
      },
      "notes": [
        {
          "category": "summary",
          "text": "A low-privilege user may use SQL syntax to write arbitrary files to the server, which may allow the execution of arbitrary commands.CVE-2020-14493 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).CVE-2020-14488 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14488"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-14490",
      "cwe": {
        "id": "CWE-434",
        "name": "Unrestricted Upload of File with Dangerous Type"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The system does not properly verify uploaded files, which may allow a low-privilege user to upload and execute arbitrary files on the system.CVE-2020-14490 has been assigned to this vulnerability. A CVSS v3 base score of 8.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14490"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-14486",
      "cwe": {
        "id": "CWE-22",
        "name": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The system includes arbitrary local files specified within its parameter and executes some files, which may allow disclosure of sensitive files or the execution of malicious uploaded files.CVE-2020-14486 has been assigned to this vulnerability. A CVSS v3 base score of 6.3 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14486"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2020-14492",
      "cwe": {
        "id": "CWE-285",
        "name": "Improper Authorization"
      },
      "notes": [
        {
          "category": "summary",
          "text": "An attacker may bypass permission/authorization checks by ignoring the redirect of a permission failure, which may allow unauthorized execution of commands.CVE-2020-14492 has been assigned to this vulnerability. A CVSS v3 base score of 5.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14492"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2014-0114",
      "cwe": {
        "id": "CWE-79",
        "name": "Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The system does not properly neutralize user-controllable input, which may allow the execution of malicious code within the user \u0027s browser.CVE-2014-0114, CVE-2016-1181, and CVE-2016-1182 are related to this vulnerability.A CVSS v3 base score of 9.8 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0114"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1181"
        },
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1182"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2016-1181",
      "cwe": {
        "id": "CWE-1104",
        "name": "Use of Unmaintained Third Party Components"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The system contains third-party software versions that are end-of-life and contain known vulnerabilities, which may allow remote code execution.CVE-2020-14489 has been assigned to this vulnerability. A CVSS v3 base score of 6.2 has been calculated; the CVSS vector string is (AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N).",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14489"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.2,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    },
    {
      "cve": "CVE-2016-1182",
      "cwe": {
        "id": "CWE-522",
        "name": "Insufficiently Protected Credentials"
      },
      "notes": [
        {
          "category": "summary",
          "text": "The system stores passwords using inadequate hashing complexity, which may allow an attacker to recover passwords using known password cracking techniques.CVE-2020-14487 has been assigned to this vulnerability. A CVSS v3 base score of 9.4 has been calculated; the CVSS vector string is (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L).\n",
          "title": "Vulnerability Summary"
        }
      ],
      "product_status": {
        "known_affected": [
          "CSAFPID-0001",
          "CSAFPID-0002"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "web.nvd.nist.gov",
          "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14487"
        },
        {
          "category": "external",
          "summary": "www.first.org",
          "url": "https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "OpenClinic GA has released an updated version to resolve these vulnerabilities, and recommend users upgrade to Version 5.170.5 or later.",
          "product_ids": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ],
          "url": "https://sourceforge.net/projects/open-clinic/files/"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 9.4,
            "baseSeverity": "CRITICAL",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L",
            "version": "3.0"
          },
          "products": [
            "CSAFPID-0001",
            "CSAFPID-0002"
          ]
        }
      ]
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2016-1181 (GCVE-0-2016-1181)

Tags

Sightings

Nomenclature