CVE-2021-29505 (GCVE-0-2021-29505)

Vulnerability from cvelistv5 – Published: 2021-05-28 21:00 – Updated: 2025-05-29 23:30
VLAI
Title
XStream is vulnerable to a Remote Command Execution attack
Summary
XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.
Severity
7.5 (High)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CWE
  • CWE-94 - Improper Control of Generation of Code ('Code Injection')
  • CWE-502 - Deserialization of Untrusted Data
Assigner
References
URL Tags
https://github.com/x-stream/xstream/security/advi… x_refsource_CONFIRM
https://github.com/x-stream/xstream/commit/24fac8… x_refsource_MISC
https://github.com/x-stream/xstream/commit/f0c4a8… x_refsource_MISC
https://lists.apache.org/thread.html/r8ee51debf7f… x_refsource_MISC
https://lists.debian.org/debian-lts-announce/2021… x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
https://lists.fedoraproject.org/archives/list/pac… x_refsource_MISC
https://security.netapp.com/advisory/ntap-20210708-0007 x_refsource_MISC
https://www.debian.org/security/2021/dsa-5004 x_refsource_MISC
https://www.oracle.com/security-alerts/cpuapr2022.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpujan2022.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpujul2022.html x_refsource_MISC
https://www.oracle.com/security-alerts/cpuoct2021.html x_refsource_MISC
https://x-stream.github.io/CVE-2021-29505.html x_refsource_MISC
https://lists.apache.org/thread.html/r8ee51debf7f… mailing-listx_refsource_MLISTx_transferred
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORAx_transferred
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORAx_transferred
https://security.netapp.com/advisory/ntap-2021070… x_refsource_CONFIRMx_transferred
https://lists.fedoraproject.org/archives/list/pac… vendor-advisoryx_refsource_FEDORAx_transferred
Impacted products
Vendor Product Version
x-stream xstream Affected: < 1.4.17
Create a notification for this product.
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:11:05.321Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f"
          },
          {
            "name": "[jmeter-dev] 20210607 [GitHub] [jmeter] sseide opened a new pull request #667: update x-stream to 1.4.17 (from 1.4.16)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f%40%3Cdev.jmeter.apache.org%3E"
          },
          {
            "name": "[debian-lts-announce] 20210705 [SECURITY] [DLA 2704-1] libxstream-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html"
          },
          {
            "name": "FEDORA-2021-fbad11014a",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/"
          },
          {
            "name": "FEDORA-2021-d894ca87dc",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://security.netapp.com/advisory/ntap-20210708-0007/"
          },
          {
            "name": "FEDORA-2021-5e376c0ed9",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/"
          },
          {
            "name": "DSA-5004",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-5004"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xstream",
          "vendor": "x-stream",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 1.4.17"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-502",
              "description": "CWE-502: Deserialization of Untrusted Data",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2025-05-29T23:30:31.977Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc"
        },
        {
          "name": "https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f"
        },
        {
          "name": "https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227"
        },
        {
          "name": "https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E"
        },
        {
          "name": "https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html"
        },
        {
          "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP"
        },
        {
          "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7"
        },
        {
          "name": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB"
        },
        {
          "name": "https://security.netapp.com/advisory/ntap-20210708-0007",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://security.netapp.com/advisory/ntap-20210708-0007"
        },
        {
          "name": "https://www.debian.org/security/2021/dsa-5004",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.debian.org/security/2021/dsa-5004"
        },
        {
          "name": "https://www.oracle.com/security-alerts/cpuapr2022.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"
        },
        {
          "name": "https://www.oracle.com/security-alerts/cpujan2022.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2022.html"
        },
        {
          "name": "https://www.oracle.com/security-alerts/cpujul2022.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2022.html"
        },
        {
          "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        },
        {
          "name": "https://x-stream.github.io/CVE-2021-29505.html",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://x-stream.github.io/CVE-2021-29505.html"
        }
      ],
      "source": {
        "advisory": "GHSA-7chv-rrw6-w6fc",
        "discovery": "UNKNOWN"
      },
      "title": "XStream is vulnerable to a Remote Command Execution attack"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-29505",
    "datePublished": "2021-05-28T21:00:19.000Z",
    "dateReserved": "2021-03-30T00:00:00.000Z",
    "dateUpdated": "2025-05-29T23:30:31.977Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2021-29505",
      "date": "2026-06-10",
      "epss": "0.90349",
      "percentile": "0.99619"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xstream_project:xstream:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.4.17\", \"matchCriteriaId\": \"0B52FEE1-8DD4-470E-BB3E-AEB351910103\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A930E247-0B43-43CB-98FF-6CE7B8189835\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*\", \"matchCriteriaId\": \"26A2B713-7D6D-420A-93A4-E0D983C983DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\", \"matchCriteriaId\": \"64DE38C8-94F1-4860-B045-F33928F676A8\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_cash_management:14.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3DBD5E57-CC8B-4180-ACBD-BD067D0801D2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_cash_management:14.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"071E67EC-DC5A-4BD1-AC8F-6266E6436FF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"626C6209-8BC3-4954-BF0C-51500582457E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0CF9A061-2421-426D-9854-0A4E55B2961D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F95EDC3D-54BB-48F9-82F2-7CCF335FCA78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B72B735F-4E52-484A-9C2C-23E6E2070385\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B36A1D4-F391-4EE3-9A65-0A10568795BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0275F820-40BE-47B8-B167-815A55DF578E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A8420D4-AAF1-44AA-BF28-48EE3ED310B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B185C1EA-71E6-4972-8637-08A33CC00841\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CC723E79-8F35-417B-B9D9-6A707F74C1EE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5700C2E9-5FF2-48EF-AD85-3C03EDA76536\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA8461A2-428C-4817-92A9-0C671545698D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"512E0604-4D40-49CE-8142-89379A226913\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F5726AE4-4F63-4793-8948-0546DAA2D50D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"490B2C44-CECD-4551-B04F-4076D0E053C7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"48EFC111-B01B-4C34-87E4-D6B2C40C0122\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"073FEA23-E46A-4C73-9D29-95CFF4F5A59D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A69FB468-EAF3-4E67-95E7-DF92C281C1F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5A502118-5B2B-47AE-82EC-1999BD841103\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D551CAB1-4312-44AA-BDA8-A030817E153A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"174A6D2E-E42E-4C92-A194-C6A820CD7EF4\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.\"}, {\"lang\": \"es\", \"value\": \"XStream es un software para serializar objetos Java a XML y viceversa. Una vulnerabilidad en las versiones de XStream anteriores a la versi\\u00f3n 1.4.17 puede permitir a un atacante remoto que tenga derechos suficientes ejecutar comandos del host s\\u00f3lo manipulando el flujo de entrada procesado. Ning\\u00fan usuario que haya seguido la recomendaci\\u00f3n de configurar el marco de seguridad de XStream con una lista blanca limitada a los tipos m\\u00ednimos necesarios est\\u00e1 afectado. La vulnerabilidad est\\u00e1 parcheada en la versi\\u00f3n 1.4.17\"}]",
      "id": "CVE-2021-29505",
      "lastModified": "2024-11-21T06:01:15.997",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:P/I:P/A:P\", \"baseScore\": 6.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-05-28T21:15:08.713",
      "references": "[{\"url\": \"https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f%40%3Cdev.jmeter.apache.org%3E\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210708-0007/\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-5004\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f%40%3Cdev.jmeter.apache.org%3E\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.netapp.com/advisory/ntap-20210708-0007/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-5004\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuapr2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}, {\"lang\": \"en\", \"value\": \"CWE-502\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-502\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-29505\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2021-05-28T21:15:08.713\",\"lastModified\":\"2025-05-30T00:15:20.543\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XStream is software for serializing Java objects to XML and back again. A vulnerability in XStream versions prior to 1.4.17 may allow a remote attacker has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user who followed the recommendation to setup XStream\u0027s security framework with a whitelist limited to the minimal required types is affected. The vulnerability is patched in version 1.4.17.\"},{\"lang\":\"es\",\"value\":\"XStream es un software para serializar objetos Java a XML y viceversa. Una vulnerabilidad en las versiones de XStream anteriores a la versi\u00f3n 1.4.17 puede permitir a un atacante remoto que tenga derechos suficientes ejecutar comandos del host s\u00f3lo manipulando el flujo de entrada procesado. Ning\u00fan usuario que haya seguido la recomendaci\u00f3n de configurar el marco de seguridad de XStream con una lista blanca limitada a los tipos m\u00ednimos necesarios est\u00e1 afectado. La vulnerabilidad est\u00e1 parcheada en la versi\u00f3n 1.4.17\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:P/I:P/A:P\",\"baseScore\":6.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"},{\"lang\":\"en\",\"value\":\"CWE-502\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-502\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xstream:xstream:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.4.17\",\"matchCriteriaId\":\"67DC253F-06E0-424B-B513-9CBE00459004\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80E516C0-98A4-4ADE-B69F-66A772E2BAAA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:oracle:*:*\",\"matchCriteriaId\":\"26A2B713-7D6D-420A-93A4-E0D983C983DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:sap:*:*\",\"matchCriteriaId\":\"64DE38C8-94F1-4860-B045-F33928F676A8\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_cash_management:14.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3DBD5E57-CC8B-4180-ACBD-BD067D0801D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_cash_management:14.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"071E67EC-DC5A-4BD1-AC8F-6266E6436FF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_cash_management:14.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"626C6209-8BC3-4954-BF0C-51500582457E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0CF9A061-2421-426D-9854-0A4E55B2961D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F95EDC3D-54BB-48F9-82F2-7CCF335FCA78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_corporate_lending_process_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B72B735F-4E52-484A-9C2C-23E6E2070385\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B36A1D4-F391-4EE3-9A65-0A10568795BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"55116032-AAD1-4FEA-9DA8-2C4CBD3D3F61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_credit_facilities_process_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0275F820-40BE-47B8-B167-815A55DF578E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_supply_chain_finance:14.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A8420D4-AAF1-44AA-BF28-48EE3ED310B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:banking_trade_finance_process_management:14.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B185C1EA-71E6-4972-8637-08A33CC00841\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_activity_monitoring:11.1.1.9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CC723E79-8F35-417B-B9D9-6A707F74C1EE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5700C2E9-5FF2-48EF-AD85-3C03EDA76536\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:business_activity_monitoring:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA8461A2-428C-4817-92A9-0C671545698D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:11.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"512E0604-4D40-49CE-8142-89379A226913\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_brm_-_elastic_charging_engine:12.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F5726AE4-4F63-4793-8948-0546DAA2D50D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7637F8B-15F1-42E2-BE18-E1FF7C66587D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E43D793A-7756-4D58-A8ED-72DC4EC9CEA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B095CC03-7077-4A58-AB25-CC5380CDCE5A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:15.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3D1C35DF-D30D-42C8-B56D-C809609AB2A4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:16.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"834B4CE7-042E-489F-AE19-0EEA2C37E7A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"490B2C44-CECD-4551-B04F-4076D0E053C7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEC41EB8-73B4-4BDF-9321-F34EC0BAF9E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"48EFC111-B01B-4C34-87E4-D6B2C40C0122\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"073FEA23-E46A-4C73-9D29-95CFF4F5A59D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A69FB468-EAF3-4E67-95E7-DF92C281C1F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D6A4F71A-4269-40FC-8F61-1D1301F2B728\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_portal:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A502118-5B2B-47AE-82EC-1999BD841103\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_sites:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D551CAB1-4312-44AA-BDA8-A030817E153A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:webcenter_sites:12.2.1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"174A6D2E-E42E-4C92-A194-C6A820CD7EF4\"}]}]}],\"references\":[{\"url\":\"https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/x-stream/xstream/commit/f0c4a8d861b68ffc3119cfbbbd632deee624e227\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f@%3Cdev.jmeter.apache.org%3E\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://security.netapp.com/advisory/ntap-20210708-0007\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://www.debian.org/security/2021/dsa-5004\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://x-stream.github.io/CVE-2021-29505.html\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/x-stream/xstream/commit/24fac82191292c6ae25f94508d28b9823f83624f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/x-stream/xstream/security/advisories/GHSA-7chv-rrw6-w6fc\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://lists.apache.org/thread.html/r8ee51debf7fd184b6a6b020dc31df25118b0aa612885f12fbe77f04f%40%3Cdev.jmeter.apache.org%3E\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Mailing List\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/07/msg00004.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/22KVR6B5IZP3BGQ3HPWIO2FWWCKT3DHP/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PVPHZA7VW2RRSDCOIPP2W6O5ND254TU7/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGXIU3YDPG6OGTDHMBLAFN7BPBERXREB/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20210708-0007/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-5004\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuapr2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.