cve-2018-1257
Vulnerability from cvelistv5
Published
2018-05-11 20:00
Modified
2024-09-16 22:56
Severity ?
Summary
Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.
References
security_alert@emc.comhttp://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
security_alert@emc.comhttp://www.securityfocus.com/bid/104260Third Party Advisory, VDB Entry
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:1809Third Party Advisory
security_alert@emc.comhttps://access.redhat.com/errata/RHSA-2018:3768Third Party Advisory
security_alert@emc.comhttps://pivotal.io/security/cve-2018-1257Vendor Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
security_alert@emc.comhttps://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/104260Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:1809Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://access.redhat.com/errata/RHSA-2018:3768Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://pivotal.io/security/cve-2018-1257Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujan2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpujul2020.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/security-alerts/cpuoct2021.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.htmlPatch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.htmlPatch, Third Party Advisory
Impacted products
Vendor Product Version
Pivotal Spring Framework Version: 5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T03:51:49.126Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "104260",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/104260",
               },
               {
                  name: "RHSA-2018:1809",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:1809",
               },
               {
                  name: "RHSA-2018:3768",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "https://access.redhat.com/errata/RHSA-2018:3768",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujul2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpujan2020.html",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://pivotal.io/security/cve-2018-1257",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "Spring Framework",
               vendor: "Pivotal",
               versions: [
                  {
                     status: "affected",
                     version: "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17",
                  },
               ],
            },
         ],
         datePublic: "2018-05-09T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "ReDoS",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2021-10-20T10:38:00",
            orgId: "c550e75a-17ff-4988-97f0-544cde3820fe",
            shortName: "dell",
         },
         references: [
            {
               name: "104260",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/104260",
            },
            {
               name: "RHSA-2018:1809",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:1809",
            },
            {
               name: "RHSA-2018:3768",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "https://access.redhat.com/errata/RHSA-2018:3768",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujul2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpujan2020.html",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://pivotal.io/security/cve-2018-1257",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secure@dell.com",
               DATE_PUBLIC: "2018-05-09T00:00:00",
               ID: "CVE-2018-1257",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "Spring Framework",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "5.0.x prior to 5.0.6; 4.3.x prior to 4.3.17",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "Pivotal",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "ReDoS",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "104260",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/104260",
                  },
                  {
                     name: "RHSA-2018:1809",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:1809",
                  },
                  {
                     name: "RHSA-2018:3768",
                     refsource: "REDHAT",
                     url: "https://access.redhat.com/errata/RHSA-2018:3768",
                  },
                  {
                     name: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                     refsource: "CONFIRM",
                     url: "http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujul2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujul2020.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                     refsource: "CONFIRM",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
                  },
                  {
                     name: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpujan2020.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpujan2020.html",
                  },
                  {
                     name: "https://pivotal.io/security/cve-2018-1257",
                     refsource: "CONFIRM",
                     url: "https://pivotal.io/security/cve-2018-1257",
                  },
                  {
                     name: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                     refsource: "MISC",
                     url: "https://www.oracle.com/security-alerts/cpuoct2021.html",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "c550e75a-17ff-4988-97f0-544cde3820fe",
      assignerShortName: "dell",
      cveId: "CVE-2018-1257",
      datePublished: "2018-05-11T20:00:00Z",
      dateReserved: "2017-12-06T00:00:00",
      dateUpdated: "2024-09-16T22:56:18.536Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"4.3.17\", \"matchCriteriaId\": \"6EAA87A1-BA40-4A91-B042-3EFD799C3FA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"5.0.0\", \"versionEndExcluding\": \"5.0.6\", \"matchCriteriaId\": \"48D8AB57-AD2F-406F-9FBA-CF74BFAF90EF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F08E234C-BDCF-4B41-87B9-96BD5578CBBF\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F8C893E4-1D3A-4687-BE5A-D26FFEBCCC78\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18260EE8-9BC0-4BA1-9642-90FE052E8B18\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B0BB81C3-29FD-4AE0-8D46-456FAF135F6C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4305ED0E-30CC-4AEA-8988-3D1EC93A0BB2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17EA8B91-7634-4636-B647-1049BA7CA088\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"5B4DF46F-DBCC-41F2-A260-F83A14838F23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"10F17843-32EA-4C31-B65C-F424447BEF7B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A125E817-F974-4509-872C-B71933F42AD1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00280604-1DC1-4974-BF73-216C5D76FFA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"7.0.0.1\", \"matchCriteriaId\": \"EC361999-AAD8-4CB3-B00E-E3990C3529B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.3\", \"matchCriteriaId\": \"CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"10.2.1\", \"matchCriteriaId\": \"468931C8-C76A-4E47-BF00-185D85F719C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"6.1.0.4.0\", \"matchCriteriaId\": \"97C1FA4C-5163-420C-A01A-EA36F1039BBB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B65CD29-C729-42AC-925E-014BA19581E2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E856B4A-6AE7-4317-921A-35B4D2048652\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"98F3E643-4B65-4668-BB11-C61ED54D5A53\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDCE0E90-495E-4437-8529-3C36441FB69D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"51C25F23-6800-48A2-881C-C2A2C3FA045C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"ADEA6A93-BD78-47DC-B3C3-6D27239C6647\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E5104F0A-CD23-4A6E-AD59-B6F5A949B006\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"350DFE94-C24A-40FE-98F8-246D5B7F9D83\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"499A382A-8183-4080-8D48-0E00D5E44EE6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"81C24CC1-850E-4BB2-9B50-ABE61984451E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1C4A89F2-713D-4A36-9D28-22748D30E0FD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDFABB2C-2FA2-4F83-985B-7FCEAF274418\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6A609003-8687-40B4-8AC3-06A1534ADE30\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9027528A-4FE7-4E3C-B2DF-CCCED22128F5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2A699D02-296B-411E-9658-5893240605D6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7036576C-2B1F-413D-B154-2DBF9BFDE7E3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A3DC116-2844-47A1-BEC2-D0675DD97148\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"641D134E-6C51-4DB8-8554-F6B5222EF479\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C79B50C2-27C2-4A9C-ACEE-B70015283F58\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB6321F8-7A0A-4DB8-9889-3527023C652A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"25F8E604-8180-4728-AD2D-7FF034E3E65A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"02867DC7-E669-43C0-ACC4-E1CAA8B9994C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FBAFA631-C92B-4FF7-8E65-07C67789EBCD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9652104A-119D-4327-A937-8BED23C23861\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6CBFA960-D242-43ED-8D4C-A60F01B70740\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0513B305-97EF-4609-A82E-D0CDFF9925BA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"AD4AB77A-E829-4603-AF6A-97B9CD0D687F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6DE15D64-6F49-4F43-8079-0C7827384C86\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07630491-0624-4C5C-A858-C5D3CDCD1B68\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EC9CA11F-F718-43E5-ADB9-6C348C75E37A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EAA4DF85-9225-4422-BF10-D7DAE7DCE007\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"77C2A2A4-285B-40A1-B9AD-42219D742DD4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE8CF045-09BB-4069-BCEC-496D5AE3B780\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"38E74E68-7F19-4EF3-AC00-3C249EAAA39E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6FFEA075-11EB-4E99-92A1-8B2883C64CC0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"21973CDD-D16E-4321-9F8E-67F4264D7C21\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"909A7F73-0164-471B-8EBD-1F70072E9809\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CE08DC9-5153-48D6-B23C-68A632FF8FF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"70D4467D-6968-4557-AF61-AFD42B2B48D3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EE188B12-D28E-490C-9948-F5305A7D55BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B40B13B7-68B3-4510-968C-6A730EB46462\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C93CC705-1F8C-4870-99E6-14BF264C3811\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.\"}, {\"lang\": \"es\", \"value\": \"Spring Framework, en versiones 5.0.x anteriores a la 5.0.6, versiones 4.3.x anteriores a la 4.3.17 y versiones antiguas no soportadas, permite que las aplicaciones expongan STOMP sobre los endpoints WebSocket con un simple broker STOP dentro de la memoria a trav\\u00e9s del m\\u00f3dulo spring-messaging. Un usuario (o atacante) malicioso puede crear un mensaje para el broker que puede conducir a un ataque de denegaci\\u00f3n de servicio (DoS) de expresi\\u00f3n regular.\"}]",
         id: "CVE-2018-1257",
         lastModified: "2024-11-21T03:59:28.767",
         metrics: "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 6.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:S/C:N/I:N/A:P\", \"baseScore\": 4.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"SINGLE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.0, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2018-05-11T20:29:00.213",
         references: "[{\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104260\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1809\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3768\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2018-1257\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"security_alert@emc.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/104260\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:1809\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://access.redhat.com/errata/RHSA-2018:3768\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://pivotal.io/security/cve-2018-1257\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujan2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpujul2020.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/security-alerts/cpuoct2021.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}]",
         sourceIdentifier: "security_alert@emc.com",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-noinfo\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2018-1257\",\"sourceIdentifier\":\"security_alert@emc.com\",\"published\":\"2018-05-11T20:29:00.213\",\"lastModified\":\"2024-11-21T03:59:28.767\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Spring Framework, versions 5.0.x prior to 5.0.6, versions 4.3.x prior to 4.3.17, and older unsupported versions allows applications to expose STOMP over WebSocket endpoints with a simple, in-memory STOMP broker through the spring-messaging module. A malicious user (or attacker) can craft a message to the broker that can lead to a regular expression, denial of service attack.\"},{\"lang\":\"es\",\"value\":\"Spring Framework, en versiones 5.0.x anteriores a la 5.0.6, versiones 4.3.x anteriores a la 4.3.17 y versiones antiguas no soportadas, permite que las aplicaciones expongan STOMP sobre los endpoints WebSocket con un simple broker STOP dentro de la memoria a través del módulo spring-messaging. Un usuario (o atacante) malicioso puede crear un mensaje para el broker que puede conducir a un ataque de denegación de servicio (DoS) de expresión regular.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:S/C:N/I:N/A:P\",\"baseScore\":4.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"SINGLE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"4.3.17\",\"matchCriteriaId\":\"6EAA87A1-BA40-4A91-B042-3EFD799C3FA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:vmware:spring_framework:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"5.0.0\",\"versionEndExcluding\":\"5.0.6\",\"matchCriteriaId\":\"48D8AB57-AD2F-406F-9FBA-CF74BFAF90EF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift:-:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F08E234C-BDCF-4B41-87B9-96BD5578CBBF\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F8C893E4-1D3A-4687-BE5A-D26FFEBCCC78\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18260EE8-9BC0-4BA1-9642-90FE052E8B18\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B0BB81C3-29FD-4AE0-8D46-456FAF135F6C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:agile_product_lifecycle_management:9.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4305ED0E-30CC-4AEA-8988-3D1EC93A0BB2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:12.5.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17EA8B91-7634-4636-B647-1049BA7CA088\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5B4DF46F-DBCC-41F2-A260-F83A14838F23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"10F17843-32EA-4C31-B65C-F424447BEF7B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:application_testing_suite:13.3.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A125E817-F974-4509-872C-B71933F42AD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:big_data_discovery:1.6.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00280604-1DC1-4974-BF73-216C5D76FFA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_converged_application_server:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.0.0.1\",\"matchCriteriaId\":\"EC361999-AAD8-4CB3-B00E-E3990C3529B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_diameter_signaling_router:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3\",\"matchCriteriaId\":\"CF5A0F0D-313D-4F5C-AD6D-8C118D5CD8D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_performance_intelligence_center:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.2.1\",\"matchCriteriaId\":\"468931C8-C76A-4E47-BF00-185D85F719C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_services_gatekeeper:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"6.1.0.4.0\",\"matchCriteriaId\":\"97C1FA4C-5163-420C-A01A-EA36F1039BBB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B58BCDA-E173-4D4A-A9C5-E9BFF7E57F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D299528-8EF0-49AF-9BDE-4B6C6B1DA36C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17A91FD9-9F77-42D3-A4D9-48BC7568ADE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"539DA24F-E3E0-4455-84C6-A9D96CD601B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B65CD29-C729-42AC-925E-014BA19581E2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:endeca_information_discovery_integrator:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E856B4A-6AE7-4317-921A-35B4D2048652\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:12.1.0.5.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"98F3E643-4B65-4668-BB11-C61ED54D5A53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.2.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"459B4A5F-A6BD-4A1C-B6B7-C979F005EB70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_base_platform:13.3.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDCE0E90-495E-4437-8529-3C36441FB69D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_for_mysql_database:13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"51C25F23-6800-48A2-881C-C2A2C3FA045C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:enterprise_manager_ops_center:12.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AB654DFA-FEF9-4D00-ADB0-F3F2B6ACF13E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:2.0.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"ADEA6A93-BD78-47DC-B3C3-6D27239C6647\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:2.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E5104F0A-CD23-4A6E-AD59-B6F5A949B006\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.0.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"350DFE94-C24A-40FE-98F8-246D5B7F9D83\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.0.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"499A382A-8183-4080-8D48-0E00D5E44EE6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:flexcube_private_banking:12.1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"81C24CC1-850E-4BB2-9B50-ABE61984451E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_for_big_data:12.2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1C4A89F2-713D-4A36-9D28-22748D30E0FD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_for_big_data:12.3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDFABB2C-2FA2-4F83-985B-7FCEAF274418\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:goldengate_for_big_data:12.3.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6A609003-8687-40B4-8AC3-06A1534ADE30\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:health_sciences_information_manager:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9027528A-4FE7-4E3C-B2DF-CCCED22128F5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_master_person_index:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2A699D02-296B-411E-9658-5893240605D6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:healthcare_master_person_index:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7036576C-2B1F-413D-B154-2DBF9BFDE7E3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A3DC116-2844-47A1-BEC2-D0675DD97148\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:hospitality_guest_access:4.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E0F1DF3E-0F2D-4EFC-9A3E-F72149C8AE94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:10.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CEE4B2F0-1AAB-4A1F-AE86-A568D43891B3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"641D134E-6C51-4DB8-8554-F6B5222EF479\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_calculation_engine:10.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C79B50C2-27C2-4A9C-ACEE-B70015283F58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB6321F8-7A0A-4DB8-9889-3527023C652A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25F8E604-8180-4728-AD2D-7FF034E3E65A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:10.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"02867DC7-E669-43C0-ACC4-E1CAA8B9994C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FBAFA631-C92B-4FF7-8E65-07C67789EBCD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:insurance_rules_palette:11.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9652104A-119D-4327-A937-8BED23C23861\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:15.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6CBFA960-D242-43ED-8D4C-A60F01B70740\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:16.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0513B305-97EF-4609-A82E-D0CDFF9925BA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:primavera_gateway:17.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"61A7F6E0-A4A4-4FC3-90CB-156933CB3B9A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AD4AB77A-E829-4603-AF6A-97B9CD0D687F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_customer_insights:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6DE15D64-6F49-4F43-8079-0C7827384C86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_open_commerce_platform:5.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07630491-0624-4C5C-A858-C5D3CDCD1B68\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC9CA11F-F718-43E5-ADB9-6C348C75E37A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_open_commerce_platform:6.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9FBAAD32-1E9D-47F1-9F47-76FEA47EF54F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:5.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAA4DF85-9225-4422-BF10-D7DAE7DCE007\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"77C2A2A4-285B-40A1-B9AD-42219D742DD4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE8CF045-09BB-4069-BCEC-496D5AE3B780\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_order_broker:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"38E74E68-7F19-4EF3-AC00-3C249EAAA39E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BD3C8E59-B07D-4C5E-B467-2FA6C1DFDA5B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:14.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F6DA82ED-20FF-4E6D-ACA0-C65F51F4F5C0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:15.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6FFEA075-11EB-4E99-92A1-8B2883C64CC0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:retail_predictive_application_server:16.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"21973CDD-D16E-4321-9F8E-67F4264D7C21\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"909A7F73-0164-471B-8EBD-1F70072E9809\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:service_architecture_leveraging_tuxedo:12.2.2.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CE08DC9-5153-48D6-B23C-68A632FF8FF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:tape_library_acsls:8.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"70D4467D-6968-4557-AF61-AFD42B2B48D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:utilities_network_management_system:1.12.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EE188B12-D28E-490C-9948-F5305A7D55BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:10.3.6.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B40B13B7-68B3-4510-968C-6A730EB46462\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.1.3.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C93CC705-1F8C-4870-99E6-14BF264C3811\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:oracle:weblogic_server:12.2.1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F14A818F-AA16-4438-A3E4-E64C9287AC66\"}]}]}],\"references\":[{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104260\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1809\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3768\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2018-1257\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"security_alert@emc.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/104260\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:1809\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:3768\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://pivotal.io/security/cve-2018-1257\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujan2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpujul2020.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/security-alerts/cpuoct2021.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.