cvelistv5 - cve-2018-11039

CVE-2018-11039 (GCVE-0-2018-11039)

Vulnerability from cvelistv5 – Published: 2018-06-25 15:00 – Updated: 2024-09-16 22:08

Summary

Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.

Severity ?

No CVSS data available.

CWE

Cross Site Tracing

Assigner

dell

References

URL

Tags

	http://www.securityfocus.com/bid/107984	vdb-entryx_refsource_BID
	http://www.oracle.com/technetwork/security-adviso…	x_refsource_CONFIRM
	https://www.oracle.com/security-alerts/cpujul2020.html	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advis…	x_refsource_CONFIRM
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/technetwork/security-advis…	x_refsource_MISC
	https://www.oracle.com/security-alerts/cpujan2020.html	x_refsource_MISC
	https://pivotal.io/security/cve-2018-11039	x_refsource_CONFIRM
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
	https://www.oracle.com/security-alerts/cpuoct2021.html	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Pivotal	Spring Framework	Affected: 5.0.x , < 5.0.7 (custom) Affected: 4.3.x , < 4.3.18 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T07:54:36.406Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "107984",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/107984"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://pivotal.io/security/cve-2018-11039"
          },
          {
            "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Spring Framework",
          "vendor": "Pivotal",
          "versions": [
            {
              "lessThan": "5.0.7",
              "status": "affected",
              "version": "5.0.x",
              "versionType": "custom"
            },
            {
              "lessThan": "4.3.18",
              "status": "affected",
              "version": "4.3.x",
              "versionType": "custom"
            }
          ]
        }
      ],
      "datePublic": "2018-06-14T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Cross Site Tracing",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-20T10:37:56",
        "orgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
        "shortName": "dell"
      },
      "references": [
        {
          "name": "107984",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/107984"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://pivotal.io/security/cve-2018-11039"
        },
        {
          "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "DATE_PUBLIC": "2018-06-14T04:00:00.000Z",
          "ID": "CVE-2018-11039",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Spring Framework",
                      "version": {
                        "version_data": [
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "5.0.x",
                            "version_value": "5.0.7"
                          },
                          {
                            "affected": "\u003c",
                            "version_affected": "\u003c",
                            "version_name": "4.3.x",
                            "version_value": "4.3.18"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Pivotal"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Cross Site Tracing"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "107984",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/107984"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://pivotal.io/security/cve-2018-11039",
              "refsource": "CONFIRM",
              "url": "https://pivotal.io/security/cve-2018-11039"
            },
            {
              "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        },
        "source": {
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "c550e75a-17ff-4988-97f0-544cde3820fe",
    "assignerShortName": "dell",
    "cveId": "CVE-2018-11039",
    "datePublished": "2018-06-25T15:00:00Z",
    "dateReserved": "2018-05-14T00:00:00",
    "dateUpdated": "2024-09-16T22:08:49.057Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.3.18\", \"matchCriteriaId\": \"9D3891F0-7BAE-45DD-992E-57DACE8ADEFE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndExcluding\": \"5.0.7\", \"matchCriteriaId\": \"8331CA8D-B3F4-4999-8E1C-E2AA9C834CAD\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ED43772F-D280-42F6-A292-7198284D6FE7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17EA8B91-7634-4636-B647-1049BA7CA088\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B4DF46F-DBCC-41F2-A260-F83A14838F23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F17843-32EA-4C31-B65C-F424447BEF7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A125E817-F974-4509-872C-B71933F42AD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.3\", \"matchCriteriaId\": \"CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"7.3.2\", \"versionEndIncluding\": \"7.3.6\", \"matchCriteriaId\": \"ABD748C9-24F6-4739-9772-208B98616EE2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"15817206-C2AD-47B7-B40F-85BB36DB4E78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.2.1\", \"matchCriteriaId\": \"468931C8-C76A-4E47-BF00-185D85F719C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.1.0.4.0\", \"matchCriteriaId\": \"97C1FA4C-5163-420C-A01A-EA36F1039BBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B65CD29-C729-42AC-925E-014BA19581E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E856B4A-6AE7-4317-921A-35B4D2048652\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98F3E643-4B65-4668-BB11-C61ED54D5A53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDCE0E90-495E-4437-8529-3C36441FB69D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51C25F23-6800-48A2-881C-C2A2C3FA045C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9027528A-4FE7-4E3C-B2DF-CCCED22128F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A699D02-296B-411E-9658-5893240605D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7036576C-2B1F-413D-B154-2DBF9BFDE7E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A3DC116-2844-47A1-BEC2-D0675DD97148\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0.0\", \"versionEndIncluding\": \"11.3.1\", \"matchCriteriaId\": \"E08D4207-DB46-42D6-A8C9-1BE857483B88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"641D134E-6C51-4DB8-8554-F6B5222EF479\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB6321F8-7A0A-4DB8-9889-3527023C652A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02867DC7-E669-43C0-ACC4-E1CAA8B9994C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98EE20FD-3D21-4E23-95B8-7BD13816EB95\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"3.4.9.4237\", \"matchCriteriaId\": \"8A94B32D-6B5F-4E42-8345-4F9126A89435\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndIncluding\": \"4.0.6.5281\", \"matchCriteriaId\": \"EF71D94F-EFC5-4390-A380-AC0E5DB05516\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"8.0.0\", \"versionEndIncluding\": \"8.0.2.8191\", \"matchCriteriaId\": \"33EFAF19-A639-47AD-9CDC-D174C91F0F00\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0745445C-EC43-4091-BA7C-5105AFCC6F1F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"517E0654-F1DE-43C4-90B5-FB90CA31734B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"921B7906-A20A-4313-9398-D542A4198BBF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D09C6958-DD7C-4B43-B7F0-4EE65ED5B582\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1BBFE031-4BD1-4501-AC62-DC0AFC2167B7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FE91D517-D85D-4A8D-90DC-4561BBF8670E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD4AB77A-E829-4603-AF6A-97B9CD0D687F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DE15D64-6F49-4F43-8079-0C7827384C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ACB5604C-69AF-459D-A82D-8A3B78CF2655\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"655CF3AE-B649-4282-B727-8B3C5D829C40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"53CFE454-3E73-4A88-ABEE-322139B169A8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"457C8C66-FB0C-4532-9027-8777CF42D17A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FF2B9DA6-2937-4574-90DF-09FD770B23D4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"20357086-0C32-44B5-A1FA-79283E88FB47\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B05A34B4-A853-456C-BD56-3B3FD6397424\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A17D989-66AC-4A17-AB4D-E0EC045FB457\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14285308-8564-4858-8D31-E40E57B27390\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3..100:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0BBB59C-D3B4-4CA9-870B-3FB9118F3F4E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21973CDD-D16E-4321-9F8E-67F4264D7C21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE188B12-D28E-490C-9948-F5305A7D55BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B40B13B7-68B3-4510-968C-6A730EB46462\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C93CC705-1F8C-4870-99E6-14BF264C3811\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.\"}, {\"lang\": \"es\", \"value\": \"Spring Framework (versiones 5.0.x anteriores a la 5.0.7, versiones 4.3.x anteriores a la 4.3.18 y versiones anteriores sin soporte) permite que las aplicaciones web cambien el m\\u00e9todo de petici\\u00f3n HTTP a cualquier m\\u00e9todo HTTP (incluyendo TRACE) utilizando HiddenHttpMethodFilter en Spring MVC. Si una aplicaci\\u00f3n tiene una vulnerabilidad Cross-Site Scripting (XSS) preexistente, un usuario (o atacante) malicioso puede emplear este filtro para escalar a un ataque XST (Cross Site Tracing).\"}]",
      "id": "CVE-2018-11039",
      "lastModified": "2024-11-21T03:42:32.633",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\", \"baseScore\": 5.9, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2018-06-25T15:29:00.317",
      "references": "[{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107984\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2018-11039\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/107984\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2018-11039\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security_alert@emc.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2018-11039\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2018-06-25T15:29:00.317\",\"lastModified\":\"2024-11-21T03:42:32.633\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.\"},{\"lang\":\"es\",\"value\":\"Spring Framework (versiones 5.0.x anteriores a la 5.0.7, versiones 4.3.x anteriores a la 4.3.18 y versiones anteriores sin soporte) permite que las aplicaciones web cambien el m\u00e9todo de petici\u00f3n HTTP a cualquier m\u00e9todo HTTP (incluyendo TRACE) utilizando HiddenHttpMethodFilter en Spring MVC. Si una aplicaci\u00f3n tiene una vulnerabilidad Cross-Site Scripting (XSS) preexistente, un usuario (o atacante) malicioso puede emplear este filtro para escalar a un ataque XST (Cross Site Tracing).\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.9,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.2,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.18\",\"matchCriteriaId\":\"9D3891F0-7BAE-45DD-992E-57DACE8ADEFE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.7\",\"matchCriteriaId\":\"8331CA8D-B3F4-4999-8E1C-E2AA9C834CAD\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D14ABF04-E460-4911-9C6C-B7BCEFE68E9D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ED43772F-D280-42F6-A292-7198284D6FE7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C650FEDB-E903-4C2D-AD40-282AB5F2E3C2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17EA8B91-7634-4636-B647-1049BA7CA088\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4DF46F-DBCC-41F2-A260-F83A14838F23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F17843-32EA-4C31-B65C-F424447BEF7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3\",\"matchCriteriaId\":\"CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"7.3.2\",\"versionEndIncluding\":\"7.3.6\",\"matchCriteriaId\":\"ABD748C9-24F6-4739-9772-208B98616EE2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"15817206-C2AD-47B7-B40F-85BB36DB4E78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2.1\",\"matchCriteriaId\":\"468931C8-C76A-4E47-BF00-185D85F719C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.0.4.0\",\"matchCriteriaId\":\"97C1FA4C-5163-420C-A01A-EA36F1039BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B65CD29-C729-42AC-925E-014BA19581E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E856B4A-6AE7-4317-921A-35B4D2048652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3E643-4B65-4668-BB11-C61ED54D5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDCE0E90-495E-4437-8529-3C36441FB69D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C25F23-6800-48A2-881C-C2A2C3FA045C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9027528A-4FE7-4E3C-B2DF-CCCED22128F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A699D02-296B-411E-9658-5893240605D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7036576C-2B1F-413D-B154-2DBF9BFDE7E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A3DC116-2844-47A1-BEC2-D0675DD97148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.0\",\"versionEndIncluding\":\"11.3.1\",\"matchCriteriaId\":\"E08D4207-DB46-42D6-A8C9-1BE857483B88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641D134E-6C51-4DB8-8554-F6B5222EF479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB6321F8-7A0A-4DB8-9889-3527023C652A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02867DC7-E669-43C0-ACC4-E1CAA8B9994C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98EE20FD-3D21-4E23-95B8-7BD13816EB95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"3.4.9.4237\",\"matchCriteriaId\":\"8A94B32D-6B5F-4E42-8345-4F9126A89435\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.0.6.5281\",\"matchCriteriaId\":\"EF71D94F-EFC5-4390-A380-AC0E5DB05516\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.0.0\",\"versionEndIncluding\":\"8.0.2.8191\",\"matchCriteriaId\":\"33EFAF19-A639-47AD-9CDC-D174C91F0F00\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0745445C-EC43-4091-BA7C-5105AFCC6F1F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"517E0654-F1DE-43C4-90B5-FB90CA31734B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"921B7906-A20A-4313-9398-D542A4198BBF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D09C6958-DD7C-4B43-B7F0-4EE65ED5B582\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1BBFE031-4BD1-4501-AC62-DC0AFC2167B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FE91D517-D85D-4A8D-90DC-4561BBF8670E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD4AB77A-E829-4603-AF6A-97B9CD0D687F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DE15D64-6F49-4F43-8079-0C7827384C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ACB5604C-69AF-459D-A82D-8A3B78CF2655\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"655CF3AE-B649-4282-B727-8B3C5D829C40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"53CFE454-3E73-4A88-ABEE-322139B169A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"457C8C66-FB0C-4532-9027-8777CF42D17A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF2B9DA6-2937-4574-90DF-09FD770B23D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"20357086-0C32-44B5-A1FA-79283E88FB47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B05A34B4-A853-456C-BD56-3B3FD6397424\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A17D989-66AC-4A17-AB4D-E0EC045FB457\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14285308-8564-4858-8D31-E40E57B27390\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3..100:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0BBB59C-D3B4-4CA9-870B-3FB9118F3F4E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21973CDD-D16E-4321-9F8E-67F4264D7C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A0ED83E3-E6BF-4EAA-AF8F-33485A88A218\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE188B12-D28E-490C-9948-F5305A7D55BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40B13B7-68B3-4510-968C-6A730EB46462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93CC705-1F8C-4870-99E6-14BF264C3811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107984\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2018-11039\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/107984\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2018-11039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}

WID-SEC-W-2024-0528

Vulnerability from csaf_certbund - Published: 2024-02-29 23:00 - Updated: 2024-02-29 23:00

Summary

Dell Data Protection Advisor: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

Data Protection Advisor ist eine Monitoring Lösung. Der Collector ist der lokale Agent.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Dell Data Protection Advisor ausnutzen, um beliebigen Code auszuführen, einen Denial-of-Service-Zustand herbeizuführen, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Berechtigungen zu erweitern oder einen nicht spezifizierten Angriff durchzuführen.

Betroffene Betriebssysteme

- Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Data Protection Advisor ist eine Monitoring L\u00f6sung. Der Collector ist der lokale Agent.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Dell Data Protection Advisor ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Berechtigungen zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0528 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0528.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0528 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0528"
      },
      {
        "category": "external",
        "summary": "Dell Security Advisory DSA-2024-107 vom 2024-02-29",
        "url": "https://www.dell.com/support/kbdoc/000222618/dsa-2024-="
      }
    ],
    "source_lang": "en-US",
    "title": "Dell Data Protection Advisor: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-02-29T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:05:58.480+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0528",
      "initial_release_date": "2024-02-29T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-02-29T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c 19.10",
                "product": {
                  "name": "Dell Data Protection Advisor \u003c 19.10",
                  "product_id": "T033198"
                }
              }
            ],
            "category": "product_name",
            "name": "Data Protection Advisor"
          }
        ],
        "category": "vendor",
        "name": "Dell"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-45648",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-45648"
    },
    {
      "cve": "CVE-2023-42795",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-42795"
    },
    {
      "cve": "CVE-2023-41080",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-41080"
    },
    {
      "cve": "CVE-2023-34055",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-34055"
    },
    {
      "cve": "CVE-2023-28708",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-28708"
    },
    {
      "cve": "CVE-2023-28154",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-28154"
    },
    {
      "cve": "CVE-2023-22081",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-22081"
    },
    {
      "cve": "CVE-2023-22067",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-22067"
    },
    {
      "cve": "CVE-2023-22025",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-22025"
    },
    {
      "cve": "CVE-2023-20883",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20883"
    },
    {
      "cve": "CVE-2023-20873",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20873"
    },
    {
      "cve": "CVE-2023-20863",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20863"
    },
    {
      "cve": "CVE-2023-20861",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2023-20861"
    },
    {
      "cve": "CVE-2022-46175",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2022-41854",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-41854"
    },
    {
      "cve": "CVE-2022-38752",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38752"
    },
    {
      "cve": "CVE-2022-38751",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38751"
    },
    {
      "cve": "CVE-2022-38750",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38750"
    },
    {
      "cve": "CVE-2022-38749",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-38749"
    },
    {
      "cve": "CVE-2022-37603",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-37601",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37599",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-31129",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-31129"
    },
    {
      "cve": "CVE-2022-27772",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-27772"
    },
    {
      "cve": "CVE-2022-25881",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-25881"
    },
    {
      "cve": "CVE-2022-25858",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-25858"
    },
    {
      "cve": "CVE-2022-22971",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22971"
    },
    {
      "cve": "CVE-2022-22970",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22970"
    },
    {
      "cve": "CVE-2022-22968",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22968"
    },
    {
      "cve": "CVE-2022-22965",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22965"
    },
    {
      "cve": "CVE-2022-22950",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2022-22950"
    },
    {
      "cve": "CVE-2021-43980",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2021-43980"
    },
    {
      "cve": "CVE-2021-33037",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2021-33037"
    },
    {
      "cve": "CVE-2021-30640",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2021-30640"
    },
    {
      "cve": "CVE-2020-5421",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-5421"
    },
    {
      "cve": "CVE-2020-1938",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-1938"
    },
    {
      "cve": "CVE-2020-1935",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-1935"
    },
    {
      "cve": "CVE-2020-13943",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-13943"
    },
    {
      "cve": "CVE-2020-13935",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-13935"
    },
    {
      "cve": "CVE-2020-13934",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-13934"
    },
    {
      "cve": "CVE-2020-11996",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2020-11996"
    },
    {
      "cve": "CVE-2019-2684",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-2684"
    },
    {
      "cve": "CVE-2019-17563",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-17563"
    },
    {
      "cve": "CVE-2019-12418",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-12418"
    },
    {
      "cve": "CVE-2019-10072",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-10072"
    },
    {
      "cve": "CVE-2019-0232",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-0232"
    },
    {
      "cve": "CVE-2019-0221",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-0221"
    },
    {
      "cve": "CVE-2019-0199",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2019-0199"
    },
    {
      "cve": "CVE-2018-8037",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-8037"
    },
    {
      "cve": "CVE-2018-8034",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-8034"
    },
    {
      "cve": "CVE-2018-8014",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-8014"
    },
    {
      "cve": "CVE-2018-15756",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-15756"
    },
    {
      "cve": "CVE-2018-1336",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1336"
    },
    {
      "cve": "CVE-2018-1305",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1305"
    },
    {
      "cve": "CVE-2018-1304",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1304"
    },
    {
      "cve": "CVE-2018-1275",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1275"
    },
    {
      "cve": "CVE-2018-1272",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1272"
    },
    {
      "cve": "CVE-2018-1271",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1271"
    },
    {
      "cve": "CVE-2018-1270",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1270"
    },
    {
      "cve": "CVE-2018-1257",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1257"
    },
    {
      "cve": "CVE-2018-1199",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1199"
    },
    {
      "cve": "CVE-2018-1196",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-1196"
    },
    {
      "cve": "CVE-2018-11784",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-11784"
    },
    {
      "cve": "CVE-2018-11040",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-11040"
    },
    {
      "cve": "CVE-2018-11039",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2018-11039"
    },
    {
      "cve": "CVE-2017-8046",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-8046"
    },
    {
      "cve": "CVE-2017-7675",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-7675"
    },
    {
      "cve": "CVE-2017-7674",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-7674"
    },
    {
      "cve": "CVE-2017-5664",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5664"
    },
    {
      "cve": "CVE-2017-5651",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5651"
    },
    {
      "cve": "CVE-2017-5650",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5650"
    },
    {
      "cve": "CVE-2017-5648",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5648"
    },
    {
      "cve": "CVE-2017-5647",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-5647"
    },
    {
      "cve": "CVE-2017-18640",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-18640"
    },
    {
      "cve": "CVE-2017-12617",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2017-12617"
    },
    {
      "cve": "CVE-2016-9878",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-9878"
    },
    {
      "cve": "CVE-2016-8745",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-8745"
    },
    {
      "cve": "CVE-2016-8735",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-8735"
    },
    {
      "cve": "CVE-2016-6817",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-6817"
    },
    {
      "cve": "CVE-2016-6816",
      "notes": [
        {
          "category": "description",
          "text": "Es bestehen mehrere Schwachstellen in Dell Data Protection Advisor. Diese Fehler bestehen in den Komponenten von Drittanbietern wie Apache Tomcat, Java SE oder Spring Framework und anderen aufgrund mehrerer sicherheitsrelevanter Probleme. Ein Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, einen Denial-of-Service-Zustand herbeizuf\u00fchren, Dateien zu manipulieren, vertrauliche Informationen offenzulegen, seine Rechte zu erweitern oder einen nicht spezifizierten Angriff durchzuf\u00fchren."
        }
      ],
      "release_date": "2024-02-29T23:00:00.000+00:00",
      "title": "CVE-2016-6816"
    }
  ]
}

WID-SEC-W-2025-1212

Vulnerability from csaf_certbund - Published: 2019-04-16 22:00 - Updated: 2025-06-02 22:00

Summary

Oracle Communications Applications: Mehrere Schwachstellen

Notes

Produktbeschreibung

Mit der Unified Communications Suite bietet Oracle eine Messaging- und Collaboration-Plattform an. Oracle Communications Policy Management ist ein Produkt von Oracle und vereint mehrere Bereiche der Kommunikation. Oracle Communications Unified Inventory Management (UIM) ist eine offene, standardbasierte Anwendung, die eine Bestandsaufnahme von Kommunikationsdiensten und -ressourcen ermöglicht.

Angriff

Ein Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um dadurch die Integrität, Vertraulichkeit und Verfügbarkeit zu gefährden.

Betroffene Betriebssysteme

- Linux - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Mit der Unified Communications Suite bietet Oracle eine Messaging- und Collaboration-Plattform an.\r\nOracle Communications Policy Management ist ein Produkt von Oracle und vereint mehrere Bereiche der Kommunikation.\r\nOracle Communications Unified Inventory Management (UIM) ist eine offene, standardbasierte Anwendung, die eine Bestandsaufnahme von Kommunikationsdiensten und -ressourcen erm\u00f6glicht.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein Angreifer kann mehrere Schwachstellen in Oracle Communications Applications ausnutzen, um dadurch die Integrit\u00e4t, Vertraulichkeit und Verf\u00fcgbarkeit zu gef\u00e4hrden.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2025-1212 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2019/wid-sec-w-2025-1212.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2025-1212 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2025-1212"
      },
      {
        "category": "external",
        "summary": "Oracle Critical Patch Update Advisory - April 2019 vom 2019-04-16",
        "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html#AppendixCGBU"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4218-1 vom 2019-12-11",
        "url": "https://usn.ubuntu.com/4218-1/"
      },
      {
        "category": "external",
        "summary": "XEROX Security Advisory XRX25-012 vom 2025-06-02",
        "url": "https://security.business.xerox.com/wp-content/uploads/2025/06/Xerox-Security-Bulletin-XRX25-012-for-Xerox-FreeFlow-Print-Server-v9.pdf"
      }
    ],
    "source_lang": "en-US",
    "title": "Oracle Communications Applications: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2025-06-02T22:00:00.000+00:00",
      "generator": {
        "date": "2025-06-03T09:23:36.426+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.12"
        }
      },
      "id": "WID-SEC-W-2025-1212",
      "initial_release_date": "2019-04-16T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2019-04-16T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2019-04-17T22:00:00.000+00:00",
          "number": "2",
          "summary": "Schreibfehler korrigiert"
        },
        {
          "date": "2019-12-10T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2025-06-02T22:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von XEROX aufgenommen"
        }
      ],
      "status": "final",
      "version": "4"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "10",
                "product": {
                  "name": "Oracle Communications EAGLE LNP Application Processor 10.0",
                  "product_id": "T014014",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_eagle_lnp_application_processor:10.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.1",
                "product": {
                  "name": "Oracle Communications EAGLE LNP Application Processor 10.1",
                  "product_id": "T014015",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_eagle_lnp_application_processor:10.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "10.2",
                "product": {
                  "name": "Oracle Communications EAGLE LNP Application Processor 10.2",
                  "product_id": "T014016",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_eagle_lnp_application_processor:10.2"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications EAGLE LNP Application Processor"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "13.1",
                "product": {
                  "name": "Oracle Communications LSMS 13.1",
                  "product_id": "T006217",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_lsms:13.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "13.2",
                "product": {
                  "name": "Oracle Communications LSMS 13.2",
                  "product_id": "T014017",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_lsms:13.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "13.3",
                "product": {
                  "name": "Oracle Communications LSMS 13.3",
                  "product_id": "T014018",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_lsms:13.3"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications LSMS"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.1",
                "product": {
                  "name": "Oracle Communications Messaging Server 8.1",
                  "product_id": "T014019",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_messaging_server:8.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8",
                "product": {
                  "name": "Oracle Communications Messaging Server 8.0",
                  "product_id": "T014020",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_messaging_server:8.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Messaging Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "12.2",
                "product": {
                  "name": "Oracle Communications Policy Management 12.2",
                  "product_id": "T009732",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_policy_management:12.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.1",
                "product": {
                  "name": "Oracle Communications Policy Management 12.1",
                  "product_id": "T014021",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_policy_management:12.1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.3",
                "product": {
                  "name": "Oracle Communications Policy Management 12.3",
                  "product_id": "T014022",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_policy_management:12.3"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "12.4",
                "product": {
                  "name": "Oracle Communications Policy Management 12.4",
                  "product_id": "T014023",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_policy_management:12.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Policy Management"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "6",
                "product": {
                  "name": "Oracle Communications Service Broker 6.0",
                  "product_id": "329193",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_service_broker:6.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Service Broker"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "8.2.0",
                "product": {
                  "name": "Oracle Communications Session Border Controller 8.2.0",
                  "product_id": "T014024",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_session_border_controller:8.2.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.1.0",
                "product": {
                  "name": "Oracle Communications Session Border Controller 8.1.0",
                  "product_id": "T014025",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_session_border_controller:8.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "8.0.0",
                "product": {
                  "name": "Oracle Communications Session Border Controller 8.0.0",
                  "product_id": "T014026",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_session_border_controller:8.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Communications Session Border Controller"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "3.1.0",
                "product": {
                  "name": "Oracle Enterprise Communications Broker 3.1.0",
                  "product_id": "T014030",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:enterprise_communications_broker:3.1.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "3.0.0",
                "product": {
                  "name": "Oracle Enterprise Communications Broker 3.0.0",
                  "product_id": "T014031",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:enterprise_communications_broker:3.0.0"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "Enterprise Communications Broker"
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "9",
                "product": {
                  "name": "Xerox FreeFlow Print Server 9",
                  "product_id": "T002977",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:xerox:freeflow_print_server:9"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "FreeFlow Print Server"
          }
        ],
        "category": "vendor",
        "name": "Xerox"
      },
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "7.4.0",
                "product": {
                  "name": "Oracle Communications Unified Inventory Management 7.4.0",
                  "product_id": "T013407",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_unified_inventory_management:7.4.0"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.5",
                "product": {
                  "name": "Oracle Communications Unified Inventory Management 7.3.5",
                  "product_id": "T014027",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_unified_inventory_management:7.3.5"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.2",
                "product": {
                  "name": "Oracle Communications Unified Inventory Management 7.3.2",
                  "product_id": "T014028",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_unified_inventory_management:7.3.2"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "7.3.4",
                "product": {
                  "name": "Oracle Communications Unified Inventory Management 7.3.4",
                  "product_id": "T014029",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:oracle:communications_unified_inventory_management:7.3.4"
                  }
                }
              }
            ],
            "category": "product_name",
            "name": "communications_unified_inventory_management"
          }
        ],
        "category": "vendor",
        "name": "oracle"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-9251",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2015-9251"
    },
    {
      "cve": "CVE-2016-1000031",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-1000031"
    },
    {
      "cve": "CVE-2016-1181",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-1181"
    },
    {
      "cve": "CVE-2016-1182",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-1182"
    },
    {
      "cve": "CVE-2016-7055",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-7055"
    },
    {
      "cve": "CVE-2016-8735",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2016-8735"
    },
    {
      "cve": "CVE-2017-0861",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-0861"
    },
    {
      "cve": "CVE-2017-12617",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-12617"
    },
    {
      "cve": "CVE-2017-15265",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-15265"
    },
    {
      "cve": "CVE-2017-3730",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3730"
    },
    {
      "cve": "CVE-2017-3731",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3731"
    },
    {
      "cve": "CVE-2017-3732",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3732"
    },
    {
      "cve": "CVE-2017-3733",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3733"
    },
    {
      "cve": "CVE-2017-3735",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3735"
    },
    {
      "cve": "CVE-2017-3736",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3736"
    },
    {
      "cve": "CVE-2017-3738",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-3738"
    },
    {
      "cve": "CVE-2017-5645",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-5645"
    },
    {
      "cve": "CVE-2017-5664",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-5664"
    },
    {
      "cve": "CVE-2017-5753",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-5753"
    },
    {
      "cve": "CVE-2017-5754",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-5754"
    },
    {
      "cve": "CVE-2017-7525",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2017-7525"
    },
    {
      "cve": "CVE-2018-0732",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0732"
    },
    {
      "cve": "CVE-2018-0733",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0733"
    },
    {
      "cve": "CVE-2018-0734",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0734"
    },
    {
      "cve": "CVE-2018-0737",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0737"
    },
    {
      "cve": "CVE-2018-0739",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-0739"
    },
    {
      "cve": "CVE-2018-1000004",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1000004"
    },
    {
      "cve": "CVE-2018-1000180",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1000180"
    },
    {
      "cve": "CVE-2018-1000613",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1000613"
    },
    {
      "cve": "CVE-2018-10901",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-10901"
    },
    {
      "cve": "CVE-2018-11039",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11039"
    },
    {
      "cve": "CVE-2018-11040",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11040"
    },
    {
      "cve": "CVE-2018-11218",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11218"
    },
    {
      "cve": "CVE-2018-11219",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11219"
    },
    {
      "cve": "CVE-2018-11236",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11236"
    },
    {
      "cve": "CVE-2018-11237",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11237"
    },
    {
      "cve": "CVE-2018-11784",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-11784"
    },
    {
      "cve": "CVE-2018-12384",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-12384"
    },
    {
      "cve": "CVE-2018-12404",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-12404"
    },
    {
      "cve": "CVE-2018-1257",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1257"
    },
    {
      "cve": "CVE-2018-1258",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-1258"
    },
    {
      "cve": "CVE-2018-16864",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-16864"
    },
    {
      "cve": "CVE-2018-16865",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-16865"
    },
    {
      "cve": "CVE-2018-16890",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-16890"
    },
    {
      "cve": "CVE-2018-3620",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-3620"
    },
    {
      "cve": "CVE-2018-3646",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-3646"
    },
    {
      "cve": "CVE-2018-3693",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-3693"
    },
    {
      "cve": "CVE-2018-6485",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-6485"
    },
    {
      "cve": "CVE-2018-7489",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-7489"
    },
    {
      "cve": "CVE-2018-7566",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2018-7566"
    },
    {
      "cve": "CVE-2019-3822",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-3822"
    },
    {
      "cve": "CVE-2019-3823",
      "product_status": {
        "known_affected": [
          "T009732",
          "T013407",
          "T014018",
          "T014029",
          "T006217",
          "T014019",
          "T014016",
          "T014027",
          "T014017",
          "T014028",
          "T014014",
          "T014025",
          "T002977",
          "T014015",
          "T014026",
          "T014023",
          "T014024",
          "T014021",
          "T014022",
          "T014030",
          "T014020",
          "T014031",
          "329193",
          "T000126"
        ]
      },
      "release_date": "2019-04-16T22:00:00.000+00:00",
      "title": "CVE-2019-3823"
    }
  ]
}

CNVD-2019-05302

Vulnerability from cnvd - Published: 2019-02-26

Title

Spring Framework跨站跟踪漏洞

Description

Pivotal Spring Framework是美国Pivotal Software公司的一套开源的Java、Java EE应用程序框架。该框架可帮助开发人员构建高质量的应用。 Pivotal Spring Framework 5.0.7之前的5.0.x版本、4.3.18之前的4.3.x版本和不再支持的更早版本存在安全漏洞，该漏洞源于程序允许Web应用程序将HTTP请求方法更改成任意的HTTP方法（包括：TRACE）。攻击者可利用该漏洞实施跨站跟踪攻击。

Severity

中

Patch Name

Spring Framework跨站跟踪漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://pivotal.io/security/cve-2018-11039

Reference

https://nvd.nist.gov/vuln/detail/CVE-2018-11039

Impacted products

Name
['Pivotal Software Spring Framework 5.0.，<5.0.7', 'Pivotal Software Spring Framework 4.3.，<4.3.18']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2018-11039",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2018-11039"
    }
  },
  "description": "Pivotal Spring Framework\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684Java\u3001Java EE\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002\u8be5\u6846\u67b6\u53ef\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u6784\u5efa\u9ad8\u8d28\u91cf\u7684\u5e94\u7528\u3002\n\nPivotal Spring Framework 5.0.7\u4e4b\u524d\u76845.0.x\u7248\u672c\u30014.3.18\u4e4b\u524d\u76844.3.x\u7248\u672c\u548c\u4e0d\u518d\u652f\u6301\u7684\u66f4\u65e9\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5141\u8bb8Web\u5e94\u7528\u7a0b\u5e8f\u5c06HTTP\u8bf7\u6c42\u65b9\u6cd5\u66f4\u6539\u6210\u4efb\u610f\u7684HTTP\u65b9\u6cd5\uff08\u5305\u62ec\uff1aTRACE\uff09\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u8ddf\u8e2a\u653b\u51fb\u3002",
  "discovererName": "unknwon",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://pivotal.io/security/cve-2018-11039",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2019-05302",
  "openTime": "2019-02-26",
  "patchDescription": "Pivotal Spring Framework\u662f\u7f8e\u56fdPivotal Software\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684Java\u3001Java EE\u5e94\u7528\u7a0b\u5e8f\u6846\u67b6\u3002\u8be5\u6846\u67b6\u53ef\u5e2e\u52a9\u5f00\u53d1\u4eba\u5458\u6784\u5efa\u9ad8\u8d28\u91cf\u7684\u5e94\u7528\u3002\r\n\r\nPivotal Spring Framework 5.0.7\u4e4b\u524d\u76845.0.x\u7248\u672c\u30014.3.18\u4e4b\u524d\u76844.3.x\u7248\u672c\u548c\u4e0d\u518d\u652f\u6301\u7684\u66f4\u65e9\u7248\u672c\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u7a0b\u5e8f\u5141\u8bb8Web\u5e94\u7528\u7a0b\u5e8f\u5c06HTTP\u8bf7\u6c42\u65b9\u6cd5\u66f4\u6539\u6210\u4efb\u610f\u7684HTTP\u65b9\u6cd5\uff08\u5305\u62ec\uff1aTRACE\uff09\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5b9e\u65bd\u8de8\u7ad9\u8ddf\u8e2a\u653b\u51fb\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Spring Framework\u8de8\u7ad9\u8ddf\u8e2a\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Pivotal Software Spring Framework 5.0.*\uff0c\u003c5.0.7",
      "Pivotal Software Spring Framework 4.3.*\uff0c\u003c4.3.18"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2018-11039",
  "serverity": "\u4e2d",
  "submitTime": "2018-06-27",
  "title": "Spring Framework\u8de8\u7ad9\u8ddf\u8e2a\u6f0f\u6d1e"
}

GSD-2018-11039

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2018-11039

Aliases

CVE-2018-11039

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2018-11039",
    "description": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
    "id": "GSD-2018-11039"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2018-11039"
      ],
      "details": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
      "id": "GSD-2018-11039",
      "modified": "2023-12-13T01:22:42.652278Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secure@dell.com",
        "DATE_PUBLIC": "2018-06-14T04:00:00.000Z",
        "ID": "CVE-2018-11039",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Spring Framework",
                    "version": {
                      "version_data": [
                        {
                          "affected": "\u003c",
                          "version_name": "5.0.x",
                          "version_value": "5.0.7"
                        },
                        {
                          "affected": "\u003c",
                          "version_name": "4.3.x ",
                          "version_value": "4.3.18"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Pivotal"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "Cross Site Tracing"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "107984",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/107984"
          },
          {
            "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "refsource": "CONFIRM",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
          },
          {
            "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
          },
          {
            "name": "https://pivotal.io/security/cve-2018-11039",
            "refsource": "CONFIRM",
            "url": "https://pivotal.io/security/cve-2018-11039"
          },
          {
            "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
            "refsource": "MLIST",
            "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
          },
          {
            "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
            "refsource": "MISC",
            "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(0)",
          "affected_versions": "None",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2023-07-19",
          "description": "This advisory has been marked as a False Positive and has been removed.",
          "fixed_versions": [],
          "identifier": "CVE-2018-11039",
          "identifiers": [
            "GHSA-9gcm-f4x3-8jpw",
            "CVE-2018-11039"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.springframework/spring-core",
          "pubdate": "2018-06-25",
          "solution": "Nothing to do.",
          "title": "False positive",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-11039",
            "https://github.com/advisories/GHSA-9gcm-f4x3-8jpw",
            "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html",
            "https://pivotal.io/security/cve-2018-11039",
            "https://www.oracle.com/security-alerts/cpujan2020.html",
            "https://www.oracle.com/security-alerts/cpujul2020.html",
            "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            "http://www.securityfocus.com/bid/107984",
            "https://www.oracle.com/security-alerts/cpuoct2021.html"
          ],
          "uuid": "306ec983-eca4-45a2-a8ca-2935fe8fcc4f"
        },
        {
          "affected_range": "[4.3.0,4.3.18.RELEASE),[5.0.0.RELEASE,5.0.7.RELEASE)",
          "affected_versions": "All versions starting from 4.3.0.RELEASE before 4.3.18.RELEASE, all versions starting from 5.0.0.RELEASE before 5.0.7.RELEASE",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2019-10-03",
          "description": "Spring Framework allows web applications to change the HTTP request method to any HTTP method (including TRACE) using the `HiddenHttpMethodFilter` in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
          "fixed_versions": [
            "4.3.18.RELEASE",
            "5.0.7.RELEASE"
          ],
          "identifier": "CVE-2018-11039",
          "identifiers": [
            "CVE-2018-11039"
          ],
          "not_impacted": "All versions before 4.3.0.RELEASE, all versions starting from 4.3.18.RELEASE before 5.0.0.RELEASE, all versions starting from 5.0.7.RELEASE",
          "package_slug": "maven/org.springframework/spring-web",
          "pubdate": "2018-06-25",
          "solution": "Upgrade to versions 4.3.18.RELEASE, 5.0.7.RELEASE or above.",
          "title": "Cross Site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-11039",
            "https://pivotal.io/security/cve-2018-11039"
          ],
          "uuid": "a8807a5c-bd2f-49cc-8523-c4dd4557f9fd"
        },
        {
          "affected_range": "(0)",
          "affected_versions": "None",
          "cvss_v2": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2023-07-19",
          "description": "This advisory has been marked as a False Positive and has been removed.",
          "fixed_versions": [],
          "identifier": "CVE-2018-11039",
          "identifiers": [
            "CVE-2018-11039"
          ],
          "not_impacted": "",
          "package_slug": "maven/org.springframework/spring-webmvc",
          "pubdate": "2018-06-25",
          "solution": "Nothing to do.",
          "title": "False positive",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2018-11039",
            "https://pivotal.io/security/cve-2018-11039"
          ],
          "uuid": "2cfc5006-f0e1-4474-bbab-6ac71ed93739"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "5.0.7",
                "versionStartIncluding": "5.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.3.18",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.2.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "6.1.0.4.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "7.3.6",
                "versionStartIncluding": "7.3.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "11.3.1",
                "versionStartIncluding": "11.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.4.9.4237",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.0.6.5281",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "8.0.2.8191",
                "versionStartIncluding": "8.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3..100:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secure@dell.com",
          "ID": "CVE-2018-11039"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://pivotal.io/security/cve-2018-11039",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Vendor Advisory"
              ],
              "url": "https://pivotal.io/security/cve-2018-11039"
            },
            {
              "name": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
            },
            {
              "name": "107984",
              "refsource": "BID",
              "tags": [
                "Broken Link",
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/107984"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
            },
            {
              "name": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujan2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpujul2020.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
            },
            {
              "name": "[debian-lts-announce] 20210423 [SECURITY] [DLA 2635-1] libspring-java security update",
              "refsource": "MLIST",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
            },
            {
              "name": "https://www.oracle.com/security-alerts/cpuoct2021.html",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.2,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2022-06-23T16:30Z",
      "publishedDate": "2018-06-25T15:29Z"
    }
  }
}

GHSA-9GCM-F4X3-8JPW

Vulnerability from github – Published: 2018-10-16 17:35 – Updated: 2024-03-05 17:33

Summary

Spring Framework Cross Site Tracing (XST)

Details

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0.0"
            },
            {
              "fixed": "5.0.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.springframework:spring-web"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.3.0"
            },
            {
              "fixed": "4.3.18"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2018-11039"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2020-06-16T21:28:30Z",
    "nvd_published_at": "2018-06-25T15:29:00Z",
    "severity": "MODERATE"
  },
  "details": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack.",
  "id": "GHSA-9gcm-f4x3-8jpw",
  "modified": "2024-03-05T17:33:42Z",
  "published": "2018-10-16T17:35:54Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-11039"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/issues/21376"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/323ccf99e575343f63d56e229c25c35c170b7ec1"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/a5cd01a4c857aaaba7ccc51545fc73dd25b5cba5"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/dac97f1b7dac3e70ff603fb6fc9f205b95dd6b01"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/f2694a8ed93f1f63f87ce45d0bb638478b426acd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/spring-projects/spring-framework/commit/f64fa3dea10af125d612d3a997aece93d21bc875"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "type": "WEB",
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "type": "WEB",
      "url": "https://spring.io/security/cve-2018-11039"
    },
    {
      "type": "WEB",
      "url": "https://pivotal.io/security/cve-2018-11039"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/spring-projects/spring-framework"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-9gcm-f4x3-8jpw"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/107984"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Spring Framework Cross Site Tracing (XST)"
}

FKIE_CVE-2018-11039

Vulnerability from fkie_nvd - Published: 2018-06-25 15:29 - Updated: 2024-11-21 03:42

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
security_alert@emc.com	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch, Third Party Advisory
security_alert@emc.com	http://www.securityfocus.com/bid/107984	Broken Link, Third Party Advisory, VDB Entry
security_alert@emc.com	https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html	Mailing List, Third Party Advisory
security_alert@emc.com	https://pivotal.io/security/cve-2018-11039	Mitigation, Vendor Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Third Party Advisory
security_alert@emc.com	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/107984	Broken Link, Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://pivotal.io/security/cve-2018-11039	Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujan2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpujul2020.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/security-alerts/cpuoct2021.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html	Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
vmware	spring_framework	*
vmware	spring_framework	*
oracle	agile_plm	9.3.3
oracle	agile_plm	9.3.4
oracle	agile_plm	9.3.5
oracle	agile_plm	9.3.6
oracle	application_testing_suite	12.5.0.3
oracle	application_testing_suite	13.1.0.1
oracle	application_testing_suite	13.2.0.1
oracle	application_testing_suite	13.3.0.1
oracle	communications_diameter_signaling_router	*
oracle	communications_network_integrity	*
oracle	communications_online_mediation_controller	6.1
oracle	communications_performance_intelligence_center	*
oracle	communications_services_gatekeeper	*
oracle	communications_unified_inventory_management	7.3.2
oracle	communications_unified_inventory_management	7.3.4
oracle	communications_unified_inventory_management	7.3.5
oracle	communications_unified_inventory_management	7.4.0
oracle	endeca_information_discovery_integrator	3.1.0
oracle	endeca_information_discovery_integrator	3.2.0
oracle	enterprise_manager_base_platform	12.1.0.5.0
oracle	enterprise_manager_base_platform	13.2.0.0.0
oracle	enterprise_manager_base_platform	13.3.0.0.0
oracle	enterprise_manager_for_mysql_database	13.2
oracle	enterprise_manager_ops_center	12.3.3
oracle	health_sciences_information_manager	3.0
oracle	healthcare_master_person_index	3.0
oracle	healthcare_master_person_index	4.0
oracle	hospitality_guest_access	4.2.0
oracle	hospitality_guest_access	4.2.1
oracle	insurance_calculation_engine	*
oracle	insurance_calculation_engine	10.2
oracle	insurance_rules_palette	10.0
oracle	insurance_rules_palette	10.2
oracle	micros_lucas	2.9.5
oracle	mysql_enterprise_monitor	*
oracle	mysql_enterprise_monitor	*
oracle	mysql_enterprise_monitor	*
oracle	primavera_p6_enterprise_project_portfolio_management	18.8
oracle	retail_advanced_inventory_planning	15.0
oracle	retail_assortment_planning	14.1
oracle	retail_assortment_planning	15.0
oracle	retail_assortment_planning	16.0
oracle	retail_clearance_optimization_engine	14.0.5
oracle	retail_customer_insights	15.0
oracle	retail_customer_insights	16.0
oracle	retail_financial_integration	13.2
oracle	retail_financial_integration	14.0
oracle	retail_financial_integration	14.1
oracle	retail_financial_integration	15.0
oracle	retail_financial_integration	16.0
oracle	retail_integration_bus	14.1.2
oracle	retail_markdown_optimization	13.4.4
oracle	retail_predictive_application_server	14.0.3.26
oracle	retail_predictive_application_server	14.1.3.37
oracle	retail_predictive_application_server	15.0.3..100
oracle	retail_predictive_application_server	16.0
oracle	retail_xstore_point_of_service	7.1
oracle	utilities_network_management_system	1.12.0.3
oracle	weblogic_server	10.3.6.0.0
oracle	weblogic_server	12.1.3.0.0
oracle	weblogic_server	12.2.1.3.0
debian	debian_linux	9.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3891F0-7BAE-45DD-992E-57DACE8ADEFE",
              "versionEndExcluding": "4.3.18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8331CA8D-B3F4-4999-8E1C-E2AA9C834CAD",
              "versionEndExcluding": "5.0.7",
              "versionStartIncluding": "5.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D14ABF04-E460-4911-9C6C-B7BCEFE68E9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCF62B0C-A8BD-40E6-9E4E-E684F4E87ACD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "ED43772F-D280-42F6-A292-7198284D6FE7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C650FEDB-E903-4C2D-AD40-282AB5F2E3C2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "17EA8B91-7634-4636-B647-1049BA7CA088",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B4DF46F-DBCC-41F2-A260-F83A14838F23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "10F17843-32EA-4C31-B65C-F424447BEF7B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A125E817-F974-4509-872C-B71933F42AD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_network_integrity:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABD748C9-24F6-4739-9772-208B98616EE2",
              "versionEndIncluding": "7.3.6",
              "versionStartIncluding": "7.3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_online_mediation_controller:6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "15817206-C2AD-47B7-B40F-85BB36DB4E78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "468931C8-C76A-4E47-BF00-185D85F719C5",
              "versionEndExcluding": "10.2.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "97C1FA4C-5163-420C-A01A-EA36F1039BBB",
              "versionEndExcluding": "6.1.0.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "17A91FD9-9F77-42D3-A4D9-48BC7568ADE1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "539DA24F-E3E0-4455-84C6-A9D96CD601B3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8B65CD29-C729-42AC-925E-014BA19581E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7E856B4A-6AE7-4317-921A-35B4D2048652",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "98F3E643-4B65-4668-BB11-C61ED54D5A53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "459B4A5F-A6BD-4A1C-B6B7-C979F005EB70",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDCE0E90-495E-4437-8529-3C36441FB69D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "51C25F23-6800-48A2-881C-C2A2C3FA045C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "9027528A-4FE7-4E3C-B2DF-CCCED22128F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2A699D02-296B-411E-9658-5893240605D6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "7036576C-2B1F-413D-B154-2DBF9BFDE7E3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A3DC116-2844-47A1-BEC2-D0675DD97148",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E08D4207-DB46-42D6-A8C9-1BE857483B88",
              "versionEndIncluding": "11.3.1",
              "versionStartIncluding": "11.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "641D134E-6C51-4DB8-8554-F6B5222EF479",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB6321F8-7A0A-4DB8-9889-3527023C652A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "02867DC7-E669-43C0-ACC4-E1CAA8B9994C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:micros_lucas:2.9.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "98EE20FD-3D21-4E23-95B8-7BD13816EB95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A94B32D-6B5F-4E42-8345-4F9126A89435",
              "versionEndIncluding": "3.4.9.4237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF71D94F-EFC5-4390-A380-AC0E5DB05516",
              "versionEndIncluding": "4.0.6.5281",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:mysql_enterprise_monitor:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "33EFAF19-A639-47AD-9CDC-D174C91F0F00",
              "versionEndIncluding": "8.0.2.8191",
              "versionStartIncluding": "8.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:primavera_p6_enterprise_project_portfolio_management:18.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0745445C-EC43-4091-BA7C-5105AFCC6F1F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "517E0654-F1DE-43C4-90B5-FB90CA31734B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "921B7906-A20A-4313-9398-D542A4198BBF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D09C6958-DD7C-4B43-B7F0-4EE65ED5B582",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_assortment_planning:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BBFE031-4BD1-4501-AC62-DC0AFC2167B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_clearance_optimization_engine:14.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "FE91D517-D85D-4A8D-90DC-4561BBF8670E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AD4AB77A-E829-4603-AF6A-97B9CD0D687F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6DE15D64-6F49-4F43-8079-0C7827384C86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ACB5604C-69AF-459D-A82D-8A3B78CF2655",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "655CF3AE-B649-4282-B727-8B3C5D829C40",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:14.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "53CFE454-3E73-4A88-ABEE-322139B169A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:15.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "457C8C66-FB0C-4532-9027-8777CF42D17A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_financial_integration:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF2B9DA6-2937-4574-90DF-09FD770B23D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_integration_bus:14.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "20357086-0C32-44B5-A1FA-79283E88FB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_markdown_optimization:13.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "B05A34B4-A853-456C-BD56-3B3FD6397424",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.0.3.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "6A17D989-66AC-4A17-AB4D-E0EC045FB457",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3.37:*:*:*:*:*:*:*",
              "matchCriteriaId": "14285308-8564-4858-8D31-E40E57B27390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3..100:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0BBB59C-D3B4-4CA9-870B-3FB9118F3F4E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "21973CDD-D16E-4321-9F8E-67F4264D7C21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:retail_xstore_point_of_service:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0ED83E3-E6BF-4EAA-AF8F-33485A88A218",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "EE188B12-D28E-490C-9948-F5305A7D55BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B40B13B7-68B3-4510-968C-6A730EB46462",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C93CC705-1F8C-4870-99E6-14BF264C3811",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F14A818F-AA16-4438-A3E4-E64C9287AC66",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Spring Framework (versions 5.0.x prior to 5.0.7, versions 4.3.x prior to 4.3.18, and older unsupported versions) allow web applications to change the HTTP request method to any HTTP method (including TRACE) using the HiddenHttpMethodFilter in Spring MVC. If an application has a pre-existing XSS vulnerability, a malicious user (or attacker) can use this filter to escalate to an XST (Cross Site Tracing) attack."
    },
    {
      "lang": "es",
      "value": "Spring Framework (versiones 5.0.x anteriores a la 5.0.7, versiones 4.3.x anteriores a la 4.3.18 y versiones anteriores sin soporte) permite que las aplicaciones web cambien el m\u00e9todo de petici\u00f3n HTTP a cualquier m\u00e9todo HTTP (incluyendo TRACE) utilizando HiddenHttpMethodFilter en Spring MVC. Si una aplicaci\u00f3n tiene una vulnerabilidad Cross-Site Scripting (XSS) preexistente, un usuario (o atacante) malicioso puede emplear este filtro para escalar a un ataque XST (Cross Site Tracing)."
    }
  ],
  "id": "CVE-2018-11039",
  "lastModified": "2024-11-21T03:42:32.633",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2018-06-25T15:29:00.317",
  "references": [
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107984"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-11039"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "security_alert@emc.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/107984"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00022.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://pivotal.io/security/cve-2018-11039"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujan2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpujul2020.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html"
    }
  ],
  "sourceIdentifier": "security_alert@emc.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2018-11039 (GCVE-0-2018-11039)

WID-SEC-W-2024-0528

WID-SEC-W-2025-1212

CNVD-2019-05302

GSD-2018-11039

GHSA-9GCM-F4X3-8JPW

FKIE_CVE-2018-11039

Tags

Sightings

Nomenclature