Action not permitted
Modal body text goes here.
Modal Title
Modal Body
JVNDB-2026-010300
Vulnerability from jvndb - Published: 2026-04-08 12:11 - Updated:2026-04-08 12:11Summary
Multiple Vulnerabilities in Hitachi Ops Center Viewpoint
Details
Hitachi Ops Center Viewpoint contain the following vulnerabilities:
CVE-2014-3643, CVE-2023-3635, CVE-2023-6378, CVE-2023-6481, CVE-2023-35116, CVE-2024-12798, CVE-2024-12801, CVE-2024-47554
References
Impacted products
| Vendor | Product | |
|---|---|---|
{
"@rdf:about": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-010300.html",
"dc:date": "2026-04-08T12:11+09:00",
"dcterms:issued": "2026-04-08T12:11+09:00",
"dcterms:modified": "2026-04-08T12:11+09:00",
"description": "Hitachi Ops Center Viewpoint contain the following vulnerabilities:\r\n\r\nCVE-2014-3643, CVE-2023-3635, CVE-2023-6378, CVE-2023-6481, CVE-2023-35116, CVE-2024-12798, CVE-2024-12801, CVE-2024-47554",
"link": "https://jvndb.jvn.jp/en/contents/2026/JVNDB-2026-010300.html",
"sec:cpe": {
"#text": "cpe:/a:hitachi:ops_center_viewpoint",
"@product": "Hitachi Ops Center Viewpoint",
"@vendor": "Hitachi, Ltd",
"@version": "2.2"
},
"sec:identifier": "JVNDB-2026-010300",
"sec:references": [
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2014-3643",
"@id": "CVE-2014-3643",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-35116",
"@id": "CVE-2023-35116",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-3635",
"@id": "CVE-2023-3635",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-6378",
"@id": "CVE-2023-6378",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2023-6481",
"@id": "CVE-2023-6481",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-12798",
"@id": "CVE-2024-12798",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-12801",
"@id": "CVE-2024-12801",
"@source": "CVE"
},
{
"#text": "https://www.cve.org/CVERecord?id=CVE-2024-47554",
"@id": "CVE-2024-47554",
"@source": "CVE"
}
],
"title": "Multiple Vulnerabilities in Hitachi Ops Center Viewpoint"
}
CVE-2023-35116 (GCVE-0-2023-35116)
Vulnerability from cvelistv5 – Published: 2023-06-14 00:00 – Updated: 2024-08-02 16:23 Disputed
VLAI?
EPSS
Summary
jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor's perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T16:23:58.755Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/FasterXML/jackson-databind/issues/3972"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jackson-databind through 2.15.2 allows attackers to cause a denial of service or other unspecified impact via a crafted object that uses cyclic dependencies. NOTE: the vendor\u0027s perspective is that this is not a valid vulnerability report, because the steps of constructing a cyclic data structure and trying to serialize it cannot be achieved by an external attacker."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-07-26T00:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/FasterXML/jackson-databind/issues/3972"
}
],
"tags": [
"disputed"
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-35116",
"datePublished": "2023-06-14T00:00:00.000Z",
"dateReserved": "2023-06-13T00:00:00.000Z",
"dateUpdated": "2024-08-02T16:23:58.755Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-3635 (GCVE-0-2023-3635)
Vulnerability from cvelistv5 – Published: 2023-07-12 18:34 – Updated: 2024-10-23 13:32
VLAI?
EPSS
Title
Okio GzipSource unhandled exception Denial of Service
Summary
GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.
Severity ?
5.9 (Medium)
CWE
- CWE-195 - Signed to Unsigned Conversion Error
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T07:01:57.503Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-3635",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-22T17:26:23.899148Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-23T13:32:52.994Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://mvnrepository.com",
"defaultStatus": "unaffected",
"packageName": "com.squareup.okio:okio",
"versions": [
{
"lessThan": "1.0.0",
"status": "affected",
"version": "0.5.0",
"versionType": "maven"
},
{
"lessThan": "1.17.6",
"status": "affected",
"version": "1.0.0",
"versionType": "maven"
},
{
"lessThan": "3.0.0",
"status": "affected",
"version": "2.0.0",
"versionType": "maven"
},
{
"lessThan": "3.4.0",
"status": "affected",
"version": "3.0.0",
"versionType": "maven"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eGzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.\u003c/p\u003e"
}
],
"value": "GzipSource does not handle an exception that might be raised when parsing a malformed gzip buffer. This may lead to denial of service of the Okio client when handling a crafted GZIP archive, by using the GzipSource class.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-195",
"description": "CWE-195: Signed to Unsigned Conversion Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-03T21:09:06.443Z",
"orgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"shortName": "JFROG"
},
"references": [
{
"url": "https://research.jfrog.com/vulnerabilities/okio-gzip-source-unhandled-exception-dos-xray-523195/"
},
{
"url": "https://github.com/square/okio/commit/81bce1a30af244550b0324597720e4799281da7b"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Okio GzipSource unhandled exception Denial of Service",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "48a46f29-ae42-4e1d-90dd-c1676c1e5e6d",
"assignerShortName": "JFROG",
"cveId": "CVE-2023-3635",
"datePublished": "2023-07-12T18:34:31.609Z",
"dateReserved": "2023-07-12T12:46:57.470Z",
"dateUpdated": "2024-10-23T13:32:52.994Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12801 (GCVE-0-2024-12801)
Vulnerability from cvelistv5 – Published: 2024-12-19 16:11 – Updated: 2025-01-03 13:40
VLAI?
EPSS
Title
SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks
Summary
Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to
forge requests by compromising logback configuration files in XML.
The attacks involves the modification of DOCTYPE declaration in XML configuration files.
Severity ?
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QOS.CH Sarl | logback |
Affected:
0.1 , ≤ 1.3.14
(maven)
Affected: 1.4.0 , ≤ 1.5.12 (maven) Unaffected: 1.3.15 Unaffected: 1.5.13 |
Credits
7asecurity
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12801",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T20:15:51.883590Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T20:16:07.566Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"XML configuration component"
],
"platforms": [
"Java"
],
"product": "logback",
"vendor": "QOS.CH Sarl",
"versions": [
{
"lessThanOrEqual": "1.3.14",
"status": "affected",
"version": "0.1",
"versionType": "maven"
},
{
"lessThanOrEqual": "1.5.12",
"status": "affected",
"version": "1.4.0",
"versionType": "maven"
},
{
"status": "unaffected",
"version": "1.3.15"
},
{
"status": "unaffected",
"version": "1.5.13"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "The attacker needs to access and write to logback configuration files. Alternatively, the attacker needs to be able to force the use of a malicious logback configuration file at application start.\u003cbr\u003e"
}
],
"value": "The attacker needs to access and write to logback configuration files. Alternatively, the attacker needs to be able to force the use of a malicious logback configuration file at application start."
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "7asecurity"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eServer-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12\u0026nbsp; on the Java platform, allows an attacker to \nforge requests by compromising logback configuration files in XML.\n\n\u003cbr\u003e\u003cbr\u003eThe attacks involves the modification of DOCTYPE declaration in\u0026nbsp; XML configuration files.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12\u00a0 on the Java platform, allows an attacker to \nforge requests by compromising logback configuration files in XML.\n\n\n\nThe attacks involves the modification of DOCTYPE declaration in\u00a0 XML configuration files."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known existing exploitation.\u003cbr\u003e"
}
],
"value": "No known existing exploitation."
}
],
"impacts": [
{
"capecId": "CAPEC-212",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-212 Functionality Misuse"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 2.4,
"baseSeverity": "LOW",
"privilegesRequired": "LOW",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "HIGH",
"subConfidentialityImpact": "HIGH",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "DIFFUSE",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:N/VA:L/SC:H/SI:H/SA:H/V:D/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "NONE",
"vulnerabilityResponseEffort": "NOT_DEFINED"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T13:40:41.135Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://logback.qos.ch/news.html#1.5.13"
},
{
"url": "https://logback.qos.ch/news.html#1.3.15"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to logback version 1.5.13 or later. If you are using the 1.3.x \nseries, update to logback version 1.3.15 or later. Note that the 1.4.x \nseries remains vulnerable.\n\u003cbr\u003e"
}
],
"value": "Update to logback version 1.5.13 or later. If you are using the 1.3.x \nseries, update to logback version 1.3.15 or later. Note that the 1.4.x \nseries remains vulnerable."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "SaxEventRecorder vulnerable to Server-Side Request Forgery (SSRF) attacks",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Update to logback version 1.5.13 or later. If you are using the 1.3.x \nseries, update to logback version 1.3.15 or later. Note that the 1.4.x \nseries remains vulnerable."
}
],
"value": "Update to logback version 1.5.13 or later. If you are using the 1.3.x \nseries, update to logback version 1.3.15 or later. Note that the 1.4.x \nseries remains vulnerable."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2024-12801",
"datePublished": "2024-12-19T16:11:50.044Z",
"dateReserved": "2024-12-19T16:09:59.761Z",
"dateUpdated": "2025-01-03T13:40:41.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-47554 (GCVE-0-2024-47554)
Vulnerability from cvelistv5 – Published: 2024-10-03 11:32 – Updated: 2025-01-31 15:02
VLAI?
EPSS
Title
Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader
Summary
Uncontrolled Resource Consumption vulnerability in Apache Commons IO.
The org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.
This issue affects Apache Commons IO: from 2.0 before 2.14.0.
Users are recommended to upgrade to version 2.14.0 or later, which fixes the issue.
Severity ?
No CVSS data available.
CWE
- CWE-400 - Uncontrolled Resource Consumption
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Apache Software Foundation | Apache Commons IO |
Affected:
2.0 , < 2.14.0
(semver)
|
Credits
CodeQL
{
"containers": {
"adp": [
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-47554",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-03T13:00:56.326970Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-04T15:03:37.949Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2025-01-31T15:02:47.229Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"url": "http://www.openwall.com/lists/oss-security/2024/10/03/2"
},
{
"url": "https://security.netapp.com/advisory/ntap-20250131-0010/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://repo.maven.apache.org/maven2",
"defaultStatus": "unaffected",
"packageName": "commons-io:commons-io",
"product": "Apache Commons IO",
"vendor": "Apache Software Foundation",
"versions": [
{
"lessThan": "2.14.0",
"status": "affected",
"version": "2.0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "tool",
"value": "CodeQL"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eUncontrolled Resource Consumption vulnerability in Apache Commons IO.\u003c/p\u003e\u003cp\u003eThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\u003cbr\u003e\u003c/p\u003e\u003cp\u003eThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue.\u003c/p\u003e"
}
],
"value": "Uncontrolled Resource Consumption vulnerability in Apache Commons IO.\n\nThe org.apache.commons.io.input.XmlStreamReader class may excessively consume CPU resources when processing maliciously crafted input.\n\n\nThis issue affects Apache Commons IO: from 2.0 before 2.14.0.\n\nUsers are recommended to upgrade to version 2.14.0 or later, which fixes the issue."
}
],
"metrics": [
{
"other": {
"content": {
"text": "low"
},
"type": "Textual description of severity"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400 Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-10-03T11:32:48.936Z",
"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"shortName": "apache"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://lists.apache.org/thread/6ozr91rr9cj5lm0zyhv30bsp317hk5z1"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Apache Commons IO: Possible denial of service attack on untrusted input to XmlStreamReader",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
"assignerShortName": "apache",
"cveId": "CVE-2024-47554",
"datePublished": "2024-10-03T11:32:48.936Z",
"dateReserved": "2024-09-26T16:12:46.116Z",
"dateUpdated": "2025-01-31T15:02:47.229Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-12798 (GCVE-0-2024-12798)
Vulnerability from cvelistv5 – Published: 2024-12-19 15:14 – Updated: 2025-01-03 13:38
VLAI?
EPSS
Title
JaninoEventEvaluator vulnerability
Summary
ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core
upto including version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 in Java applications allows
attacker to execute arbitrary code by compromising an existing
logback configuration file or by injecting an environment variable
before program execution.
Malicious logback configuration files can allow the attacker to execute
arbitrary code using the JaninoEventEvaluator extension.
A successful attack requires the user to have write access to a
configuration file. Alternatively, the attacker could inject a malicious
environment variable pointing to a malicious configuration file. In both
cases, the attack requires existing privilege.
Severity ?
CWE
- CWE-917 - Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QOS.CH Sarl | Logback-core |
Affected:
0.1 , ≤ 1.3.14
(maven)
Affected: 1.4.0 , ≤ 1.5.12 (maven) Unaffected: 1.3.15 Unaffected: 1.5.13 |
Credits
7asecurity
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-12798",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-12-20T20:17:18.406704Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-12-20T20:17:33.360Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"logback-core"
],
"product": "Logback-core",
"vendor": "QOS.CH Sarl",
"versions": [
{
"lessThanOrEqual": "1.3.14",
"status": "affected",
"version": "0.1",
"versionType": "maven"
},
{
"lessThanOrEqual": "1.5.12",
"status": "affected",
"version": "1.4.0",
"versionType": "maven"
},
{
"status": "unaffected",
"version": "1.3.15"
},
{
"status": "unaffected",
"version": "1.5.13"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "7asecurity"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core\n upto including version 0.1 to 1.3.14 and\u0026nbsp;1.4.0 to 1.5.12 in Java applications allows\n attacker to execute arbitrary code by compromising an existing\n logback configuration file or by injecting an environment variable\n before program execution.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eMalicious logback configuration files can allow the attacker to execute \narbitrary code using the JaninoEventEvaluator extension.\n\u003cbr\u003e\n\u003cbr\u003eA successful attack requires the user to have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege.\n\n\n\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core\n upto including version 0.1 to 1.3.14 and\u00a01.4.0 to 1.5.12 in Java applications allows\n attacker to execute arbitrary code by compromising an existing\n logback configuration file or by injecting an environment variable\n before program execution.\n\n\n\n\n\nMalicious logback configuration files can allow the attacker to execute \narbitrary code using the JaninoEventEvaluator extension.\n\n\n\nA successful attack requires the user to have write access to a \nconfiguration file. Alternatively, the attacker could inject a malicious \nenvironment variable pointing to a malicious configuration file. In both \ncases, the attack requires existing privilege."
}
],
"exploits": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "No known exploitation\u003cbr\u003e"
}
],
"value": "No known exploitation"
}
],
"impacts": [
{
"capecId": "CAPEC-242",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-242 Code Injection"
}
]
}
],
"metrics": [
{
"cvssV4_0": {
"Automatable": "NOT_DEFINED",
"Recovery": "NOT_DEFINED",
"Safety": "NOT_DEFINED",
"attackComplexity": "LOW",
"attackRequirements": "PRESENT",
"attackVector": "LOCAL",
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"privilegesRequired": "LOW",
"providerUrgency": "CLEAR",
"subAvailabilityImpact": "LOW",
"subConfidentialityImpact": "LOW",
"subIntegrityImpact": "HIGH",
"userInteraction": "PASSIVE",
"valueDensity": "NOT_DEFINED",
"vectorString": "CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:P/VC:L/VI:H/VA:L/SC:L/SI:H/SA:L/RE:L/U:Clear",
"version": "4.0",
"vulnAvailabilityImpact": "LOW",
"vulnConfidentialityImpact": "LOW",
"vulnIntegrityImpact": "HIGH",
"vulnerabilityResponseEffort": "LOW"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-917",
"description": "CWE-917 Improper Neutralization of Special Elements used in an Expression Language Statement (\u0027Expression Language Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T13:38:58.152Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://logback.qos.ch/news.html#1.5.13"
},
{
"url": "https://logback.qos.ch/news.html#1.3.15"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remove Janino from the Java classpath. Alternatively, update to logback \nversion 1.5.13 or later. If you are using the 1.3.x series, update to \nlogback version 1.3.15 or later. Note that the 1.4.x series remains \nvulnerable."
}
],
"value": "Remove Janino from the Java classpath. Alternatively, update to logback \nversion 1.5.13 or later. If you are using the 1.3.x series, update to \nlogback version 1.3.15 or later. Note that the 1.4.x series remains \nvulnerable."
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "JaninoEventEvaluator\u00a0vulnerability",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Remove Janino from the Java classpath. Alternatively, update to logback \nversion 1.5.13 or later. If you are using the 1.3.x series, update to \nlogback version 1.3.15 or later. Note that the 1.4.x series remains \nvulnerable."
}
],
"value": "Remove Janino from the Java classpath. Alternatively, update to logback \nversion 1.5.13 or later. If you are using the 1.3.x series, update to \nlogback version 1.3.15 or later. Note that the 1.4.x series remains \nvulnerable."
}
],
"x_generator": {
"engine": "Vulnogram 0.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2024-12798",
"datePublished": "2024-12-19T15:14:21.598Z",
"dateReserved": "2024-12-19T14:21:00.178Z",
"dateUpdated": "2025-01-03T13:38:58.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6378 (GCVE-0-2023-6378)
Vulnerability from cvelistv5 – Published: 2023-11-29 12:02 – Updated: 2024-11-29 12:04
VLAI?
EPSS
Title
Logback "receiver" DOS vulnerability
Summary
A serialization vulnerability in logback receiver component part of
logback version 1.4.11 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
Severity ?
7.1 (High)
CWE
- Denial-of-service using poisoned data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QOS.CH Sarl | logback |
Unaffected:
1.4.12
Unaffected: 1.3.12 Unaffected: 1.2.13 |
Credits
Yakov Shafranovich, Amazon Web Services
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-11-29T12:04:40.421Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://logback.qos.ch/news.html#1.3.12"
},
{
"url": "https://security.netapp.com/advisory/ntap-20241129-0012/"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-6378",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-10-11T17:51:31.895829Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-10-11T17:55:50.633Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"logback receiver"
],
"platforms": [
"Windows",
"Linux",
"MacOS"
],
"product": "logback",
"repo": "https://github.com/qos-ch/logback",
"vendor": "QOS.CH Sarl",
"versions": [
{
"status": "unaffected",
"version": "1.4.12"
},
{
"status": "unaffected",
"version": "1.3.12"
},
{
"status": "unaffected",
"version": "1.2.13"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cpre\u003eThe attacker needs to be able to feed poisoned data to a logback receiver. Thus, the attacker needs to connect to a logback receiver which can be a significant hurdle in itself.\u003c/pre\u003e\n\n\u003cbr\u003e"
}
],
"value": "The attacker needs to be able to feed poisoned data to a logback receiver. Thus, the attacker needs to connect to a logback receiver which can be a significant hurdle in itself.\n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yakov Shafranovich, Amazon Web Services"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nA serialization vulnerability in logback receiver component part of \nlogback version 1.4.11 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n"
}
],
"value": "A serialization vulnerability in logback receiver component part of \nlogback version 1.4.11 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Excessive CPU or memory usage on the host where a logback receiver component is deployed"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service using poisoned data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-05T08:57:52.168Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://logback.qos.ch/news.html#1.3.12"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only environments where logback receiver component is deployed may be vulnerable.\n In case a logback receiver is deployed, restricting connections to \ntrustworthy clients or upgrading to logback version 1.4.12 or later will remedy the vulnerability.\u003cbr\u003e"
}
],
"value": "Only environments where logback receiver component is deployed may be vulnerable.\n In case a logback receiver is deployed, restricting connections to \ntrustworthy clients or upgrading to logback version 1.4.12 or later will remedy the vulnerability.\n"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "Logback \"receiver\" DOS vulnerability ",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only environments where logback receiver is deployed are vulnerable. \u003cbr\u003e"
}
],
"value": "Only environments where logback receiver is deployed are vulnerable. \n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2023-6378",
"datePublished": "2023-11-29T12:02:37.496Z",
"dateReserved": "2023-11-29T10:18:07.523Z",
"dateUpdated": "2024-11-29T12:04:40.421Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-6481 (GCVE-0-2023-6481)
Vulnerability from cvelistv5 – Published: 2023-12-04 08:35 – Updated: 2024-08-02 08:28
VLAI?
EPSS
Title
Logback "receiver" DOS vulnerability CVE-2023-6378 incomplete fix
Summary
A serialization vulnerability in logback receiver component part of
logback version 1.4.13, 1.3.13 and 1.2.12 allows an attacker to mount a Denial-Of-Service
attack by sending poisoned data.
Severity ?
7.1 (High)
CWE
- Denial-of-service using poisoned data
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| QOS.CH Sarl | logback |
Unaffected:
1.4.14
Unaffected: 1.3.14 Unaffected: 1.2.13 |
Credits
Yakov Shafranovich, Amazon Web Services
Camilo Aparecido Ferri Moreira
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:28:21.829Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://logback.qos.ch/news.html#1.3.12"
},
{
"tags": [
"x_transferred"
],
"url": "https://logback.qos.ch/news.html#1.3.14"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"modules": [
"logback receiver"
],
"platforms": [
"Windows",
"Linux",
"MacOS"
],
"product": "logback",
"repo": "https://github.com/qos-ch/logback",
"vendor": "QOS.CH Sarl",
"versions": [
{
"status": "unaffected",
"version": "1.4.14"
},
{
"status": "unaffected",
"version": "1.3.14"
},
{
"status": "unaffected",
"version": "1.2.13"
}
]
}
],
"configurations": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\u003cpre\u003eThe attacker needs to be able to feed poisoned data to a logback receiver. Thus, the attacker needs to connect to a logback receiver which can be a significant hurdle in itself.\u003cbr\u003eOnly environments where logback receiver is deployed are vulnerable. \u003cbr\u003e\u003c/pre\u003e\n\n"
}
],
"value": "The attacker needs to be able to feed poisoned data to a logback receiver. Thus, the attacker needs to connect to a logback receiver which can be a significant hurdle in itself.\nOnly environments where logback receiver is deployed are vulnerable. \n\n\n\n\n"
}
],
"credits": [
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Yakov Shafranovich, Amazon Web Services"
},
{
"lang": "en",
"type": "reporter",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Camilo Aparecido Ferri Moreira"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\nA serialization vulnerability in logback receiver component part of \nlogback version 1.4.13,\u0026nbsp;1.3.13 and\u0026nbsp;1.2.12 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n"
}
],
"value": "A serialization vulnerability in logback receiver component part of \nlogback version 1.4.13,\u00a01.3.13 and\u00a01.2.12 allows an attacker to mount a Denial-Of-Service \nattack by sending poisoned data.\n\n"
}
],
"impacts": [
{
"descriptions": [
{
"lang": "en",
"value": "Excessive CPU or memory usage on the host where a logback receiver component is deployed"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial-of-service using poisoned data",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-04T08:35:44.396Z",
"orgId": "455daabc-a392-441d-aa46-37d35189897c",
"shortName": "NCSC.ch"
},
"references": [
{
"url": "https://logback.qos.ch/news.html#1.3.12"
},
{
"url": "https://logback.qos.ch/news.html#1.3.14"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Only environments where logback receiver component is deployed may be vulnerable.\n In case a logback receiver is deployed, restricting connections to \ntrustworthy clients or upgrading to logback version 1.4.14, 1.3.14, 1.2.13 or later will remedy the vulnerability.\u003cbr\u003e\u003cbr\u003eIf you do not need to deploy logback-receiver, then please verify that you do not have any \u0026lt;receiver\u0026gt;\u0026lt;/receiver\u0026gt; entries in your configuration files.\u003cbr\u003e"
}
],
"value": "Only environments where logback receiver component is deployed may be vulnerable.\n In case a logback receiver is deployed, restricting connections to \ntrustworthy clients or upgrading to logback version 1.4.14, 1.3.14, 1.2.13 or later will remedy the vulnerability.\n\nIf you do not need to deploy logback-receiver, then please verify that you do not have any \u003creceiver\u003e\u003c/receiver\u003e entries in your configuration files.\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Logback \"receiver\" DOS vulnerability CVE-2023-6378 incomplete fix",
"workarounds": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Logback versions 1.2.13 and later, 1.3.14 \nand later\u0026nbsp; or 1.4.14 \nand later\n\nprovides fixes. However, please note that these fixes are only effective when deployed under Java 9 or later.\u003cbr\u003e"
}
],
"value": "Logback versions 1.2.13 and later, 1.3.14 \nand later\u00a0 or 1.4.14 \nand later\n\nprovides fixes. However, please note that these fixes are only effective when deployed under Java 9 or later.\n"
}
],
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "455daabc-a392-441d-aa46-37d35189897c",
"assignerShortName": "NCSC.ch",
"cveId": "CVE-2023-6481",
"datePublished": "2023-12-04T08:35:44.396Z",
"dateReserved": "2023-12-04T08:34:29.742Z",
"dateUpdated": "2024-08-02T08:28:21.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3643 (GCVE-0-2014-3643)
Vulnerability from cvelistv5 – Published: 2019-12-15 21:12 – Updated: 2024-08-06 10:50
VLAI?
EPSS
Summary
jersey: XXE via parameter entities not disabled by the jersey SAX parser
Severity ?
No CVSS data available.
CWE
- XXE via parameter entities
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:50:18.249Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3643"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "jersey",
"vendor": "jersey",
"versions": [
{
"status": "affected",
"version": "through 2014-09-17"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "jersey: XXE via parameter entities not disabled by the jersey SAX parser"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "XXE via parameter entities",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-22T17:57:19.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "Red Hat",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/security/cve/cve-2014-3643"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2014-3643",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "jersey",
"version": {
"version_data": [
{
"version_value": "through 2014-09-17"
}
]
}
}
]
},
"vendor_name": "jersey"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "jersey: XXE via parameter entities not disabled by the jersey SAX parser"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "XXE via parameter entities"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "Red Hat",
"refsource": "REDHAT",
"url": "https://access.redhat.com/security/cve/cve-2014-3643"
},
{
"name": "https://www.oracle.com/security-alerts/cpujul2022.html",
"refsource": "MISC",
"url": "https://www.oracle.com/security-alerts/cpujul2022.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3643"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3643",
"datePublished": "2019-12-15T21:12:24.000Z",
"dateReserved": "2014-05-14T00:00:00.000Z",
"dateUpdated": "2024-08-06T10:50:18.249Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Loading…
Show additional events:
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…