var-202107-1602
Vulnerability from variot
When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. Apache Ant Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Foundation of the United States. This tool is mainly used for software compilation, testing and deployment. A resource management error vulnerability exists in Apache Ant due to the application's failure to properly control the consumption of internal resources when processing ZIP archives. An attacker could exploit this vulnerability to trigger resource exhaustion and perform a denial of service (DoS) attack
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", affected_products: { "@id": "https://www.variotdbs.pl/ref/affected_products", }, configurations: { "@id": "https://www.variotdbs.pl/ref/configurations", }, credits: { "@id": "https://www.variotdbs.pl/ref/credits", }, cvss: { "@id": "https://www.variotdbs.pl/ref/cvss/", }, description: { "@id": "https://www.variotdbs.pl/ref/description/", }, exploit_availability: { "@id": "https://www.variotdbs.pl/ref/exploit_availability/", }, external_ids: { "@id": "https://www.variotdbs.pl/ref/external_ids/", }, iot: { "@id": "https://www.variotdbs.pl/ref/iot/", }, iot_taxonomy: { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/", }, patch: { "@id": "https://www.variotdbs.pl/ref/patch/", }, problemtype_data: { "@id": "https://www.variotdbs.pl/ref/problemtype_data/", }, references: { "@id": "https://www.variotdbs.pl/ref/references/", }, sources: { "@id": "https://www.variotdbs.pl/ref/sources/", }, sources_release_date: { "@id": "https://www.variotdbs.pl/ref/sources_release_date/", }, sources_update_date: { "@id": "https://www.variotdbs.pl/ref/sources_update_date/", }, threat_type: { "@id": "https://www.variotdbs.pl/ref/threat_type/", }, title: { "@id": "https://www.variotdbs.pl/ref/title/", }, type: { "@id": "https://www.variotdbs.pl/ref/type/", }, }, "@id": "https://www.variotdbs.pl/vuln/VAR-202107-1602", affected_products: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { model: "primavera unifier", scope: "gte", trust: 1, vendor: "oracle", version: "17.7", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.3.0", }, { model: "communications diameter intelligence hub", scope: "lte", trust: 1, vendor: "oracle", version: "8.1.0", }, { model: "communications diameter intelligence hub", scope: "gte", trust: 1, vendor: "oracle", version: "8.2.0", }, { model: "retail merchandising system", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.3.0", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "20.12.0", }, { model: "primavera unifier", scope: "lte", trust: 1, vendor: "oracle", version: "17.12", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.5.0", }, { model: "retail back office", scope: "eq", trust: 1, vendor: "oracle", version: "14.0", }, { model: "retail central office", scope: "eq", trust: 1, vendor: "oracle", version: "14.0", }, { model: "utilities framework", scope: "gte", trust: 1, vendor: "oracle", version: "4.3.0.1.0", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.2", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.2.0", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.2", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.6", }, { model: "retail advanced inventory planning", scope: "eq", trust: 1, vendor: "oracle", version: "15.0", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.2", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "20.12.7", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.2.0.2.0", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "18.8.0", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3", }, { model: "retail bulk data integration", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1", }, { model: "health sciences information manager", scope: "eq", trust: 1, vendor: "oracle", version: "3.0.0.1", }, { model: "insurance policy administration", scope: "lte", trust: 1, vendor: "oracle", version: "11.3.1", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.1", }, { model: "retail point-of-service", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "19.12.0", }, { model: "communications diameter intelligence hub", scope: "lte", trust: 1, vendor: "oracle", version: "8.2.3", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1", }, { model: "retail point-of-service", scope: "eq", trust: 1, vendor: "oracle", version: "14.0", }, { model: "agile engineering data management", scope: "eq", trust: 1, vendor: "oracle", version: "6.2.1.0", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "18.8.12", }, { model: "retail invoice matching", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3", }, { model: "communications diameter intelligence hub", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.0", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.4.0", }, { model: "product lifecycle analytics", scope: "eq", trust: 1, vendor: "oracle", version: "3.6.1", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.4.0.0.0", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "18.8", }, { model: "financial services analytical applications infrastructure", scope: "gte", trust: 1, vendor: "oracle", version: "8.0.6", }, { model: "retail advanced inventory planning", scope: "eq", trust: 1, vendor: "oracle", version: "16.0", }, { model: "health sciences information manager", scope: "lte", trust: 1, vendor: "oracle", version: "3.0.5", }, { model: "communications cloud native core automated test suite", scope: "eq", trust: 1, vendor: "oracle", version: "1.9.0", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1.0", }, { model: "communications unified inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4.0", }, { model: "utilities testing accelerator", scope: "eq", trust: 1, vendor: "oracle", version: "6.0.0.1.1", }, { model: "financial services analytical applications infrastructure", scope: "lte", trust: 1, vendor: "oracle", version: "8.1.1", }, { model: "retail back office", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.0", }, { model: "retail central office", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "19.12.11", }, { model: "primavera gateway", scope: "gte", trust: 1, vendor: "oracle", version: "17.12.0", }, { model: "banking treasury management", scope: "eq", trust: 1, vendor: "oracle", version: "14.5", }, { model: "retail advanced inventory planning", scope: "eq", trust: 1, vendor: "oracle", version: "14.1", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "20.0.1", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.0", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "19.0.1.0", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "20.12", }, { model: "real-time decision server", scope: "eq", trust: 1, vendor: "oracle", version: "3.2.0.0", }, { model: "retail financial integration", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.2", }, { model: "ant", scope: "lt", trust: 1, vendor: "apache", version: "1.9.16", }, { model: "banking trade finance", scope: "eq", trust: 1, vendor: "oracle", version: "14.5", }, { model: "timesten in-memory database", scope: "lt", trust: 1, vendor: "oracle", version: "11.2.2.8.27", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.4.0", }, { model: "real-time decision server", scope: "eq", trust: 1, vendor: "oracle", version: "11.1.1.9.0", }, { model: "primavera unifier", scope: "eq", trust: 1, vendor: "oracle", version: "19.12", }, { model: "retail store inventory management", scope: "eq", trust: 1, vendor: "oracle", version: "15.0", }, { model: "health sciences information manager", scope: "gte", trust: 1, vendor: "oracle", version: "3.0.1", }, { model: "retail extract transform and load", scope: "eq", trust: 1, vendor: "oracle", version: "13.2.8", }, { model: "agile plm", scope: "eq", trust: 1, vendor: "oracle", version: "9.3.6", }, { model: "insurance policy administration", scope: "gte", trust: 1, vendor: "oracle", version: "11.0", }, { model: "enterprise repository", scope: "eq", trust: 1, vendor: "oracle", version: "11.1.1.7.0", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "17.0.4", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.0", }, { model: "ant", scope: "gte", trust: 1, vendor: "apache", version: "1.9.0", }, { model: "ant", scope: "lt", trust: 1, vendor: "apache", version: "1.10.11", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.4.0", }, { model: "utilities framework", scope: "lte", trust: 1, vendor: "oracle", version: "4.3.0.6.0", }, { model: "ant", scope: "gte", trust: 1, vendor: "apache", version: "1.10.0", }, { model: "communications order and service management", scope: "eq", trust: 1, vendor: "oracle", version: "7.3", }, { model: "utilities framework", scope: "eq", trust: 1, vendor: "oracle", version: "4.2.0.3.0", }, { model: "retail xstore point of service", scope: "eq", trust: 1, vendor: "oracle", version: "18.0.3", }, { model: "retail predictive application server", scope: "eq", trust: 1, vendor: "oracle", version: "15.0.3", }, { model: "primavera gateway", scope: "lte", trust: 1, vendor: "oracle", version: "17.12.11", }, { model: "retail eftlink", scope: "eq", trust: 1, vendor: "oracle", version: "20.0.1", }, { model: "retail bulk data integration", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.0", }, { model: "retail integration bus", scope: "eq", trust: 1, vendor: "oracle", version: "14.1.3.2", }, { model: "retail service backbone", scope: "eq", trust: 1, vendor: "oracle", version: "16.0.3.0", }, { model: "communications cloud native core binding support function", scope: "eq", trust: 1, vendor: "oracle", version: "1.11.0", }, { model: "communications order and service management", scope: "eq", trust: 1, vendor: "oracle", version: "7.4", }, { model: "oracle agile plm", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle retail advanced inventory planning", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle real-time decision server", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle communications unified inventory management", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "ant", scope: null, trust: 0.8, vendor: "apache", version: null, }, { model: "oracle financial services analytical applications infrastructure", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle retail back office", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle insurance policy administration", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "primavera gateway", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "oracle enterprise repository", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, { model: "primavera unifier", scope: null, trust: 0.8, vendor: "オラクル", version: null, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010002", }, { db: "NVD", id: "CVE-2021-36374", }, ], }, configurations: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", children: { "@container": "@list", }, cpe_match: { "@container": "@list", }, data: { "@container": "@list", }, nodes: { "@container": "@list", }, }, data: [ { CVE_data_version: "4.0", nodes: [ { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.10.11", versionStartIncluding: "1.10.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:apache:ant:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "1.9.16", versionStartIncluding: "1.9.0", vulnerable: true, }, ], operator: "OR", }, { children: [], cpe_match: [ { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:enterprise_repository:11.1.1.7.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_back_office:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_back_office:14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.2.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.2.0.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_central_office:14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_central_office:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:18.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_point-of-service:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_point-of-service:14.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:15.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "17.12", versionStartIncluding: "17.7", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.4.0.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:agile_plm:9.3.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:19.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "4.3.0.6.0", versionStartIncluding: "4.3.0.1.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.4.0.2.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:14.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_bulk_data_integration:16.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:16.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:agile_engineering_data_management:6.2.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_unifier:20.12:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_order_and_service_management:7.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:16.0.6:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:17.0.4:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:18.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:19.0.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_xstore_point_of_service:20.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:14.1.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "17.12.11", versionStartIncluding: "17.12.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_framework:4.4.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "20.12.7", versionStartIncluding: "20.12.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "19.12.11", versionStartIncluding: "19.12.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:primavera_gateway:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "18.8.12", versionStartIncluding: "18.8.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:financial_services_analytical_applications_infrastructure:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.1.1", versionStartIncluding: "8.0.6", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:insurance_policy_administration:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "11.3.1", versionStartIncluding: "11.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:real-time_decision_server:3.2.0.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:15.0.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:16.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_service_backbone:19.0.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_merchandising_system:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:14.1.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:15.0.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:16.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_store_inventory_management:15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_integration_bus:19.0.1.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_predictive_application_server:14.1.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:14.1.3.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:15.0.4.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_financial_integration:16.0.3.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_extract_transform_and_load:13.2.8:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_bulk_data_integration:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:15.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_advanced_inventory_planning:16.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:real-time_decision_server:11.1.1.9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:19.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_order_and_service_management:7.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:utilities_testing_accelerator:6.0.0.1.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_invoice_matching:16.0.3:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:retail_eftlink:20.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.4.2:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_unified_inventory_management:7.5.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:timesten_in-memory_database:*:*:*:*:*:*:*:*", cpe_name: [], versionEndExcluding: "11.2.2.8.27", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:product_lifecycle_analytics:3.6.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_automated_test_suite:1.9.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_cloud_native_core_binding_support_function:1.11.0:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.1.0", versionStartIncluding: "8.0.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_trade_finance:14.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:banking_treasury_management:14.5:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:communications_diameter_intelligence_hub:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "8.2.3", versionStartIncluding: "8.2.0", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:health_sciences_information_manager:*:*:*:*:*:*:*:*", cpe_name: [], versionEndIncluding: "3.0.5", versionStartIncluding: "3.0.1", vulnerable: true, }, { cpe23Uri: "cpe:2.3:a:oracle:health_sciences_information_manager:3.0.0.1:*:*:*:*:*:*:*", cpe_name: [], vulnerable: true, }, ], operator: "OR", }, ], }, ], sources: [ { db: "NVD", id: "CVE-2021-36374", }, ], }, cve: "CVE-2021-36374", cvss: { "@context": { cvssV2: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2", }, cvssV3: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#", }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/", }, severity: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#", }, "@id": "https://www.variotdbs.pl/ref/cvss/severity", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, "@id": "https://www.variotdbs.pl/ref/sources", }, }, data: [ { cvssV2: [ { acInsufInfo: false, accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "NVD", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, impactScore: 2.9, integrityImpact: "NONE", obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, severity: "MEDIUM", trust: 1, userInteractionRequired: true, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { acInsufInfo: null, accessComplexity: "Medium", accessVector: "Network", authentication: "None", author: "NVD", availabilityImpact: "Partial", baseScore: 4.3, confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-36374", impactScore: null, integrityImpact: "None", obtainAllPrivilege: null, obtainOtherPrivilege: null, obtainUserPrivilege: null, severity: "Medium", trust: 0.9, userInteractionRequired: null, vectorString: "AV:N/AC:M/Au:N/C:N/I:N/A:P", version: "2.0", }, { accessComplexity: "MEDIUM", accessVector: "NETWORK", authentication: "NONE", author: "VULHUB", availabilityImpact: "PARTIAL", baseScore: 4.3, confidentialityImpact: "NONE", exploitabilityScore: 8.6, id: "VHN-396550", impactScore: 2.9, integrityImpact: "NONE", severity: "MEDIUM", trust: 0.1, vectorString: "AV:N/AC:M/AU:N/C:N/I:N/A:P", version: "2.0", }, ], cvssV3: [ { attackComplexity: "LOW", attackVector: "LOCAL", author: "NVD", availabilityImpact: "HIGH", baseScore: 5.5, baseSeverity: "MEDIUM", confidentialityImpact: "NONE", exploitabilityScore: 1.8, impactScore: 3.6, integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", trust: 1, userInteraction: "REQUIRED", vectorString: "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.1", }, { attackComplexity: "Low", attackVector: "Local", author: "NVD", availabilityImpact: "High", baseScore: 5.5, baseSeverity: "Medium", confidentialityImpact: "None", exploitabilityScore: null, id: "CVE-2021-36374", impactScore: null, integrityImpact: "None", privilegesRequired: "None", scope: "Unchanged", trust: 0.8, userInteraction: "Required", vectorString: "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", version: "3.0", }, ], severity: [ { author: "NVD", id: "CVE-2021-36374", trust: 1.8, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, value: "MEDIUM", }, { author: "CNNVD", id: "CNNVD-202107-984", trust: 0.6, value: "MEDIUM", }, { author: "VULHUB", id: "VHN-396550", trust: 0.1, value: "MEDIUM", }, { author: "VULMON", id: "CVE-2021-36374", trust: 0.1, value: "MEDIUM", }, ], }, ], sources: [ { db: "VULHUB", id: "VHN-396550", }, { db: "VULMON", id: "CVE-2021-36374", }, { db: "JVNDB", id: "JVNDB-2021-010002", }, { db: "NVD", id: "CVE-2021-36374", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202107-984", }, ], }, description: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "When reading a specially crafted ZIP archive, or a derived formats, an Apache Ant build can be made to allocate large amounts of memory that leads to an out of memory error, even for small inputs. This can be used to disrupt builds using Apache Ant. Commonly used derived formats from ZIP archives are for instance JAR files and many office files. Apache Ant prior to 1.9.16 and 1.10.11 were affected. Apache Ant Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apache Ant is a set of automation tools for Java software development developed by the Apache Foundation of the United States. This tool is mainly used for software compilation, testing and deployment. A resource management error vulnerability exists in Apache Ant due to the application's failure to properly control the consumption of internal resources when processing ZIP archives. An attacker could exploit this vulnerability to trigger resource exhaustion and perform a denial of service (DoS) attack", sources: [ { db: "NVD", id: "CVE-2021-36374", }, { db: "JVNDB", id: "JVNDB-2021-010002", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "VULHUB", id: "VHN-396550", }, { db: "VULMON", id: "CVE-2021-36374", }, ], trust: 2.34, }, external_ids: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { db: "NVD", id: "CVE-2021-36374", trust: 3.4, }, { db: "JVNDB", id: "JVNDB-2021-010002", trust: 0.8, }, { db: "CS-HELP", id: "SB2021041363", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202104-975", trust: 0.6, }, { db: "CS-HELP", id: "SB2021072011", trust: 0.6, }, { db: "CS-HELP", id: "SB2022072096", trust: 0.6, }, { db: "CS-HELP", id: "SB2022042272", trust: 0.6, }, { db: "CS-HELP", id: "SB2022072042", trust: 0.6, }, { db: "CS-HELP", id: "SB2022011911", trust: 0.6, }, { db: "CS-HELP", id: "SB2022012324", trust: 0.6, }, { db: "CS-HELP", id: "SB2021101927", trust: 0.6, }, { db: "CS-HELP", id: "SB2022042546", trust: 0.6, }, { db: "CS-HELP", id: "SB2021071409", trust: 0.6, }, { db: "AUSCERT", id: "ESB-2023.1653", trust: 0.6, }, { db: "CNNVD", id: "CNNVD-202107-984", trust: 0.6, }, { db: "CNVD", id: "CNVD-2021-51428", trust: 0.1, }, { db: "VULHUB", id: "VHN-396550", trust: 0.1, }, { db: "VULMON", id: "CVE-2021-36374", trust: 0.1, }, ], sources: [ { db: "VULHUB", id: "VHN-396550", }, { db: "VULMON", id: "CVE-2021-36374", }, { db: "JVNDB", id: "JVNDB-2021-010002", }, { db: "NVD", id: "CVE-2021-36374", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202107-984", }, ], }, id: "VAR-202107-1602", iot: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: true, sources: [ { db: "VULHUB", id: "VHN-396550", }, ], trust: 0.01, }, last_update_date: "2023-12-18T11:20:59.123000Z", patch: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { title: "Oracle Critical Patch Update Advisory - October 2021", trust: 0.8, url: "https://ant.apache.org/security.html", }, { title: "Apache Ant Security vulnerabilities", trust: 0.6, url: "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=178519", }, { title: "Red Hat: CVE-2021-36374", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=cve-2021-36374", }, { title: "IBM: Security Bulletin: Multiple Vulnerabilities may affect Apache Ant used by Content Collector for Email, Content Collector for File Systems, Content Collector for Microsoft SharePoint and Content Collector for IBM Connections", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=ibm_psirt_blog&qid=983cc8600f8f67fe35b9b5eebcf9b870", }, { title: "Arch Linux Advisories: [ASA-202107-43] ant: denial of service", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_advisories&qid=asa-202107-43", }, { title: "Arch Linux Issues: ", trust: 0.1, url: "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=cve-2021-36374 log", }, ], sources: [ { db: "VULMON", id: "CVE-2021-36374", }, { db: "JVNDB", id: "JVNDB-2021-010002", }, { db: "CNNVD", id: "CNNVD-202107-984", }, ], }, problemtype_data: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { problemtype: "NVD-CWE-Other", trust: 1, }, { problemtype: "others (CWE-Other) [NVD evaluation ]", trust: 0.8, }, ], sources: [ { db: "JVNDB", id: "JVNDB-2021-010002", }, { db: "NVD", id: "CVE-2021-36374", }, ], }, references: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", data: { "@container": "@list", }, sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: [ { trust: 2.4, url: "https://www.oracle.com/security-alerts/cpuapr2022.html", }, { trust: 2.4, url: "https://www.oracle.com/security-alerts/cpuoct2021.html", }, { trust: 1.8, url: "https://security.netapp.com/advisory/ntap-20210819-0007/", }, { trust: 1.8, url: "https://ant.apache.org/security.html", }, { trust: 1.8, url: "https://lists.apache.org/thread.html/rdd5412a5b9a25aed2a02c3317052d38a97128314d50bc1ed36e81d38%40%3cuser.ant.apache.org%3e", }, { trust: 1.8, url: "https://www.oracle.com/security-alerts/cpujan2022.html", }, { trust: 1.8, url: "https://www.oracle.com/security-alerts/cpujul2022.html", }, { trust: 1, url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a%40%3ccommits.groovy.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d%40%3ccommits.groovy.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a%40%3cnotifications.groovy.apache.org%3e", }, { trust: 1, url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6%40%3cdev.myfaces.apache.org%3e", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/r27919fd4db07c487239c1d9771f480d89ce5ee2750aa9447309b709a@%3ccommits.groovy.apache.org%3e", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/r544c9e8487431768465b8b2d13982c75123109bd816acf839d46010d@%3ccommits.groovy.apache.org%3e", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/rad36f470647c5a7c02dd78c9973356d2840766d132b597b6444e373a@%3cnotifications.groovy.apache.org%3e", }, { trust: 0.8, url: "https://lists.apache.org/thread.html/rf4bb79751a02889623195715925e4fd8932dd3c97e0ade91395a96c6@%3cdev.myfaces.apache.org%3e", }, { trust: 0.8, url: "https://nvd.nist.gov/vuln/detail/cve-2021-36374", }, { trust: 0.7, url: "https://access.redhat.com/security/cve/cve-2021-36374", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021041363", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022042272", }, { trust: 0.6, url: "https://www.auscert.org.au/bulletins/esb-2023.1653", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022072042", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022072096", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021072011", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022042546", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021071409", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022012324", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2022011911", }, { trust: 0.6, url: "https://www.cybersecurity-help.cz/vdb/sb2021101927", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/oracle-fusion-middleware-vulnerabilities-of-october-2021-36677", }, { trust: 0.6, url: "https://vigilance.fr/vulnerability/apache-ant-denial-of-service-via-zip-archive-length-parameter-36867", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/6518994", }, { trust: 0.6, url: "https://www.ibm.com/support/pages/node/6514441", }, { trust: 0.1, url: "https://cwe.mitre.org/data/definitions/.html", }, { trust: 0.1, url: "https://nvd.nist.gov", }, { trust: 0.1, url: "https://www.ibm.com/blogs/psirt/security-bulletin-multiple-vulnerabilities-may-affect-apache-ant-used-by-content-collector-for-email-content-collector-for-file-systems-content-collector-for-microsoft-sharepoint-and-content-collec/", }, ], sources: [ { db: "VULHUB", id: "VHN-396550", }, { db: "VULMON", id: "CVE-2021-36374", }, { db: "JVNDB", id: "JVNDB-2021-010002", }, { db: "NVD", id: "CVE-2021-36374", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202107-984", }, ], }, sources: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", data: { "@container": "@list", }, }, data: [ { db: "VULHUB", id: "VHN-396550", }, { db: "VULMON", id: "CVE-2021-36374", }, { db: "JVNDB", id: "JVNDB-2021-010002", }, { db: "NVD", id: "CVE-2021-36374", }, { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202107-984", }, ], }, sources_release_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", data: { "@container": "@list", }, }, data: [ { date: "2021-07-14T00:00:00", db: "VULHUB", id: "VHN-396550", }, { date: "2021-07-14T00:00:00", db: "VULMON", id: "CVE-2021-36374", }, { date: "2022-06-13T00:00:00", db: "JVNDB", id: "JVNDB-2021-010002", }, { date: "2021-07-14T07:15:08.400000", db: "NVD", id: "CVE-2021-36374", }, { date: "2021-04-13T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2021-07-14T00:00:00", db: "CNNVD", id: "CNNVD-202107-984", }, ], }, sources_update_date: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", data: { "@container": "@list", }, }, data: [ { date: "2023-02-28T00:00:00", db: "VULHUB", id: "VHN-396550", }, { date: "2022-07-25T00:00:00", db: "VULMON", id: "CVE-2021-36374", }, { date: "2022-06-13T07:25:00", db: "JVNDB", id: "JVNDB-2021-010002", }, { date: "2023-11-07T03:36:45.487000", db: "NVD", id: "CVE-2021-36374", }, { date: "2021-04-14T00:00:00", db: "CNNVD", id: "CNNVD-202104-975", }, { date: "2023-03-21T00:00:00", db: "CNNVD", id: "CNNVD-202107-984", }, ], }, threat_type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "local", sources: [ { db: "CNNVD", id: "CNNVD-202107-984", }, ], trust: 0.6, }, title: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "Apache Ant Vulnerability in", sources: [ { db: "JVNDB", id: "JVNDB-2021-010002", }, ], trust: 0.8, }, type: { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", sources: { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", }, }, }, data: "other", sources: [ { db: "CNNVD", id: "CNNVD-202104-975", }, { db: "CNNVD", id: "CNNVD-202107-984", }, ], trust: 1.2, }, }
Log in or create an account to share your comment.
Security Advisory comment format.
This schema specifies the format of a comment related to a security advisory.
Title of the comment
Description of the comment
Loading…
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.