All the vulnerabilites related to FUJITSU - TRIOLE
var-201405-0502
Vulnerability from variot

CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability CVE-2014-0113 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation " And the session state may change. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.2 are vulnerable

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201405-0502",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.16.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.15.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.7"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.4.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.15.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.15.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.16.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "apache",
        "version": "2.3.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.9"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.2.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.14.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.15"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.10"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.14.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.11"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.1.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.0"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.2.1.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.5"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.8.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.0"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.2.3.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.11.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.12"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.6"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.2.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.7"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.11.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.13"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.12"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.5"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.14.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.1.6"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.16"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.1.2"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v9.1"
      },
      {
        "model": "infocage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "security risk management  v1.0.0 to  v2.1.3"
      },
      {
        "model": "serverview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "resource orchestrator"
      },
      {
        "model": "interstage service integrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.3.16.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v5.1 to  v5.2"
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "systemwalker software configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "infocage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "pc security"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "analytics server"
      },
      {
        "model": "interstage application framework suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application development cycle manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "struts",
        "scope": "lt",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.x"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rfid manager lite v2.0"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business analytics modeling server"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise monitor 3.0.10 and earlier"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.3 to  v8.4"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v6.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v6.1 to  v6.5"
      },
      {
        "model": "systemwalker service catalog manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "esmpro/servermanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver5.75 and earlier"
      },
      {
        "model": "cloud infrastructure management software",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v5.1 to  v5.2"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise monitor 2.3.16 and earlier"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business process manager analytics"
      },
      {
        "model": "integrated system ha database ready",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "triole",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "cloud middle set  b set"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rfid manager st ard v2.0"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard-j edition v6.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v6.1 to  v6.5"
      },
      {
        "model": "connections",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "3.0.1.1 and earlier"
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rfid manager enterprise v7.1"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "extreme transaction processing server"
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "st ard edition v5.1 to  v5.2"
      },
      {
        "model": "webotx developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "\"v8.2 to  v8.4 (with developers studio only )\""
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "mobile manager"
      },
      {
        "model": "systemwalker service quality coordinator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "server"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v5.1 to  v5.2"
      },
      {
        "model": "webotx developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "\"v9.1 to  v9.2 (with developers studio only )\""
      },
      {
        "model": "interstage job workload server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.11"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.7"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.4"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.6"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.14"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.9"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.8.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.4"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.12"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.6"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.13"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.10"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-150"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0116"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:struts",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:connections",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:oracle:mysql",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:esmpro_servermanager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:infocage",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_developer",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_portal",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:serverview",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:symfoware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:triole",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Zubair Ashraf of IBM X-Force",
    "sources": [
      {
        "db": "BID",
        "id": "67218"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0116",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.8,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2014-0116",
            "impactScore": 4.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.9,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0116",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0116",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201405-150",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0116",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-150"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0116"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CookieInterceptor in Apache Struts 2.x before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and modify session state via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0113. This vulnerability CVE-2014-0113 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation \" And the session state may change. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.2 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      },
      {
        "db": "BID",
        "id": "67218"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0116"
      }
    ],
    "trust": 1.98
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0116",
        "trust": 2.8
      },
      {
        "db": "BID",
        "id": "67218",
        "trust": 2.0
      },
      {
        "db": "SECUNIA",
        "id": "59816",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-150",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0116",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0116"
      },
      {
        "db": "BID",
        "id": "67218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-150"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0116"
      }
    ]
  },
  "id": "VAR-201405-0502",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1875
  },
  "last_update_date": "2024-11-23T21:45:09.999000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "1680848",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
      },
      {
        "title": "1681190",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190"
      },
      {
        "title": "NV15-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Bug 1094558",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1094558"
      },
      {
        "title": "Huawei-SA-20140707-01-Struts2",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "S2-022",
        "trust": 0.8,
        "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html"
      },
      {
        "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
      },
      {
        "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html"
      },
      {
        "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html"
      },
      {
        "title": "Red Hat: CVE-2014-0116",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0116"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "-maven-security-versions",
        "trust": 0.1,
        "url": "https://github.com/nagauker/-maven-security-versions "
      },
      {
        "title": "maven-security-versions-Travis",
        "trust": 0.1,
        "url": "https://github.com/klee94/maven-security-versions-Travis "
      },
      {
        "title": "maven-security-versions",
        "trust": 0.1,
        "url": "https://github.com/victims/maven-security-versions "
      },
      {
        "title": "victims",
        "trust": 0.1,
        "url": "https://github.com/tmpgit3000/victims "
      },
      {
        "title": "victims",
        "trust": 0.1,
        "url": "https://github.com/alexsh88/victims "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0116"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0116"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "http://struts.apache.org/release/2.3.x/docs/s2-022.html"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/bid/67218"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59816"
      },
      {
        "trust": 1.7,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0116"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0116"
      },
      {
        "trust": 0.3,
        "url": "http://struts.apache.org/"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=34163"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/victims/maven-security-versions"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0116"
      },
      {
        "db": "BID",
        "id": "67218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-150"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0116"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0116"
      },
      {
        "db": "BID",
        "id": "67218"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-150"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0116"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-05-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0116"
      },
      {
        "date": "2014-05-06T00:00:00",
        "db": "BID",
        "id": "67218"
      },
      {
        "date": "2014-05-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      },
      {
        "date": "2014-05-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-150"
      },
      {
        "date": "2014-05-08T10:55:02.967000",
        "db": "NVD",
        "id": "CVE-2014-0116"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0116"
      },
      {
        "date": "2015-04-16T18:14:00",
        "db": "BID",
        "id": "67218"
      },
      {
        "date": "2016-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      },
      {
        "date": "2019-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201405-150"
      },
      {
        "date": "2024-11-21T02:01:24.537000",
        "db": "NVD",
        "id": "CVE-2014-0116"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-150"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Struts of  CookieInterceptor In  ClassLoader Vulnerability manipulated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002411"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201405-150"
      }
    ],
    "trust": 0.6
  }
}

var-201404-0287
Vulnerability from variot

CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The " operation (manipulate)" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16.1 are vulnerable

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0287",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "struts",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "apache",
        "version": "2.3.16.2"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "5.0"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "4.5"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 1.1,
        "vendor": "ibm",
        "version": "4.0"
      },
      {
        "model": "struts",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.0"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "2.3.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "2.3.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "2.3.7"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "2.3.16.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "2.3.16"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "2.3.15.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "2.3.15.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.9,
        "vendor": "apache",
        "version": "2.3.15.1"
      },
      {
        "model": "connections",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise monitor 2.3.16"
      },
      {
        "model": "mysql",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "oracle",
        "version": "enterprise monitor 3.0.10"
      },
      {
        "model": "esmpro/servermanager",
        "scope": "lte",
        "trust": 0.8,
        "vendor": "nec",
        "version": "ver5.75"
      },
      {
        "model": "infocage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "pc security"
      },
      {
        "model": "infocage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "security risk management  v1.0.0 to  v2.1.3"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v5.1 to  v5.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "enterprise edition v6.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rfid manager enterprise v7.1"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rfid manager lite v2.0"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "rfid manager standard v2.0"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v5.1 to  v5.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard edition v6.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v5.1 to  v5.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "standard-j edition v6.1 to  v6.5"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v5.1 to  v5.2"
      },
      {
        "model": "webotx",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "web edition v6.1 to  v6.5"
      },
      {
        "model": "webotx application server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v7.1"
      },
      {
        "model": "webotx developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "\"v8.2 to  v8.4 (with developers studio only )\""
      },
      {
        "model": "webotx developer",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "\"v9.1 to  v9.2 (with developers studio only )\""
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v8.3 to  v8.4"
      },
      {
        "model": "webotx portal",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "nec",
        "version": "v9.1"
      },
      {
        "model": "integrated system ha database ready",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business analytics modeling server"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business process manager analytics"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "extreme transaction processing server"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "mobile manager"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application framework suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage job workload server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage service integrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "serverview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "resource orchestrator"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "analytics server"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "server"
      },
      {
        "model": "systemwalker service catalog manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker service quality coordinator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker software configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "triole",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "cloud middle set  b set"
      },
      {
        "model": "cloud infrastructure management software",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.4.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.3"
      },
      {
        "model": "keybox",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "skavanagh",
        "version": "2.10.02"
      },
      {
        "model": "ec2box",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "skavanagh",
        "version": "0.11.01"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0.10"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.16"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.15"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.14"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3.13"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "3.0"
      },
      {
        "model": "mysql enterprise monitor",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "oracle",
        "version": "2.3"
      },
      {
        "model": "sterling web channel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "sterling web channel",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "sterling selling and fulfillment foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.1"
      },
      {
        "model": "sterling selling and fulfillment foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2"
      },
      {
        "model": "sterling selling and fulfillment foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "sterling selling and fulfillment foundation",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "sterling order management",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.5"
      },
      {
        "model": "sterling field sales",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.1"
      },
      {
        "model": "sterling field sales",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.2.0"
      },
      {
        "model": "sterling field sales",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.0"
      },
      {
        "model": "sterling field sales",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.0"
      },
      {
        "model": "platform symphony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1.1"
      },
      {
        "model": "platform symphony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "6.1"
      },
      {
        "model": "platform symphony",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "5.2"
      },
      {
        "model": "platform hpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "platform hpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "platform hpc",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "platform cluster manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1.1"
      },
      {
        "model": "platform cluster manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "4.1"
      },
      {
        "model": "platform cluster manager",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.2"
      },
      {
        "model": "platform application center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.2"
      },
      {
        "model": "platform application center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1.1"
      },
      {
        "model": "platform application center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "9.1"
      },
      {
        "model": "platform application center",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "8.3"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.00"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.10"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.1"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1.0"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0.1"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "3.0"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.3"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.2"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.1"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.5.0.0"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.1.1"
      },
      {
        "model": "connections",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "2.0.0.0"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.0.2"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.0.1"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.0"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.2.0"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.3"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.0"
      },
      {
        "model": "clearpass",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "5.0"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.41"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.6"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.5"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.12"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.10"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.9"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.7"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.6"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.5"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.15"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.14.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.14.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.14.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.13"
      },
      {
        "model": "keybox",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "skavanagh",
        "version": "2.10.03"
      },
      {
        "model": "ec2box",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "skavanagh",
        "version": "0.11.02"
      },
      {
        "model": "clearpass",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.3.2"
      },
      {
        "model": "clearpass",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.2.6"
      },
      {
        "model": "clearpass",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "arubanetworks",
        "version": "6.1.4"
      },
      {
        "model": "struts",
        "scope": "ne",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.16.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "67081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0113"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:struts",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:ibm:connections",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:oracle:mysql",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:esmpro_servermanager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:infocage",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_developer",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:nec:webotx_portal",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:serverview",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:symfoware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:triole",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Taki Uchiyama, Takeshi Terada, Takayoshi Isayama, Yoshiyuki Karezaki, BAKA/ty, \nShine, NSFOCUS Security Team and heige.",
    "sources": [
      {
        "db": "BID",
        "id": "67081"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0113",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0113",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.9,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0113",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0113",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-570",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0113",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0113"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "CookieInterceptor in Apache Struts before 2.3.20, when a wildcard cookiesName value is used, does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. This vulnerability CVE-2014-0094 Vulnerability due to insufficient fix for.Through a crafted request by a third party, ClassLoader The \" operation (manipulate)\" And any code could be executed. Apache Struts is prone to a security-bypass vulnerability. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16.1 are vulnerable",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "db": "BID",
        "id": "67081"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0113"
      }
    ],
    "trust": 1.98
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142",
        "trust": 0.1,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0113"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0113",
        "trust": 2.8
      },
      {
        "db": "SECUNIA",
        "id": "59178",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-570",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "67081",
        "trust": 0.3
      },
      {
        "db": "EXPLOITDB",
        "id": "33142",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0113",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0113"
      },
      {
        "db": "BID",
        "id": "67081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0113"
      }
    ]
  },
  "id": "VAR-201404-0287",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1875
  },
  "last_update_date": "2024-11-23T20:19:45.132000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Security Bulletins S2-021",
        "trust": 0.8,
        "url": "https://cwiki.apache.org/confluence/display/WW/S2-021"
      },
      {
        "title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2",
        "trust": 0.8,
        "url": "http://struts.apache.org/download.cgi#struts23162"
      },
      {
        "title": "1680848",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
      },
      {
        "title": "1681190",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190"
      },
      {
        "title": "NV15-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
      },
      {
        "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html"
      },
      {
        "title": "FUJITSU Integrated System HA Database Ready: Struts2\u306e\u8106\u5f31\u6027(CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116) (2014\u5e746\u670819\u65e5)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html"
      },
      {
        "title": "struts-2.3.16.2-all",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=49668"
      },
      {
        "title": "Red Hat: CVE-2014-0113",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0113"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "-maven-security-versions",
        "trust": 0.1,
        "url": "https://github.com/nagauker/-maven-security-versions "
      },
      {
        "title": "maven-security-versions-Travis",
        "trust": 0.1,
        "url": "https://github.com/klee94/maven-security-versions-Travis "
      },
      {
        "title": "maven-security-versions",
        "trust": 0.1,
        "url": "https://github.com/victims/maven-security-versions "
      },
      {
        "title": "victims",
        "trust": 0.1,
        "url": "https://github.com/tmpgit3000/victims "
      },
      {
        "title": "victims",
        "trust": 0.1,
        "url": "https://github.com/alexsh88/victims "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0113"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0113"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.0,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 2.0,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706"
      },
      {
        "trust": 1.7,
        "url": "https://cwiki.apache.org/confluence/display/ww/s2-021"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59178"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0113"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0113"
      },
      {
        "trust": 0.3,
        "url": "http://www.arubanetworks.com/support/alerts/aid-051414.asc"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/skavanagh/ec2box/releases/tag/v0.11.02"
      },
      {
        "trust": 0.3,
        "url": "https://github.com/skavanagh/keybox/releases/tag/v2.10.03"
      },
      {
        "trust": 0.3,
        "url": "http://struts.apache.org/"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=swg21680848"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020896"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020893"
      },
      {
        "trust": 0.3,
        "url": "http://struts.apache.org/development/2.x/docs/s2-021.html"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020894"
      },
      {
        "trust": 0.3,
        "url": "https://www-304.ibm.com/support/docview.wss?uid=isg3t1020895"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=33975"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/victims/maven-security-versions"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/33142/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0113"
      },
      {
        "db": "BID",
        "id": "67081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0113"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0113"
      },
      {
        "db": "BID",
        "id": "67081"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0113"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0113"
      },
      {
        "date": "2014-04-28T00:00:00",
        "db": "BID",
        "id": "67081"
      },
      {
        "date": "2014-04-30T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "date": "2014-04-30T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      },
      {
        "date": "2014-04-29T10:37:03.700000",
        "db": "NVD",
        "id": "CVE-2014-0113"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0113"
      },
      {
        "date": "2015-05-07T17:38:00",
        "db": "BID",
        "id": "67081"
      },
      {
        "date": "2016-08-02T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      },
      {
        "date": "2019-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      },
      {
        "date": "2024-11-21T02:01:23.837000",
        "db": "NVD",
        "id": "CVE-2014-0113"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Struts of  CookieInterceptor In  ClassLoader Vulnerability manipulated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-002269"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-570"
      }
    ],
    "trust": 0.6
  }
}

var-202002-0484
Vulnerability from variot

The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. Interstage and Systemwalker Related products etc. TLS For operation TLS Multiple product vulnerabilities related to CVE-2019-13163 ) Exists.A man-in-the-middle attacker between the server and the client could break the encrypted communication

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202002-0484",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "sparc enterprise m8000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker runbook automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.3"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.1.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.1"
      },
      {
        "model": "systemwalker software configuration manager express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.6.0"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.2a"
      },
      {
        "model": "primergy rx4770 m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "granpower 5000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.0"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "12.0.0"
      },
      {
        "model": "safeauthor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.4"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.2.0e"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.3"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.6.1"
      },
      {
        "model": "systemwalker security control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.0.0a"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.4.1"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.8.0e"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.0"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.6.0"
      },
      {
        "model": "sparc enterprise m9000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.2.0e"
      },
      {
        "model": "sparc enterprise m4000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.0l10"
      },
      {
        "model": "sparc m12-2",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "primergy tx2550 m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.0a"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.2.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.0e"
      },
      {
        "model": "triole cloud middle set b set",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.2.0"
      },
      {
        "model": "interstage web server express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.1.1"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3"
      },
      {
        "model": "linkexpress",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "5.0l21"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.8.0a"
      },
      {
        "model": "systemwalker runbook automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.3a"
      },
      {
        "model": "interstage job workload server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.1.1"
      },
      {
        "model": "triole cloud middle set b set",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.1.2"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.1a"
      },
      {
        "model": "systemwalker runbook automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.0a"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.3.0"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.1.0"
      },
      {
        "model": "primepower",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.1"
      },
      {
        "model": "systemwalker runbook automation v14g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "14.1.0a"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.9.1"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.0.0"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.3e"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.4.1a"
      },
      {
        "model": "sparc m12-1",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "linkexpress",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "5.0l20"
      },
      {
        "model": "sparc m12-2s",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "triole cloud middle set b set",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.0.0"
      },
      {
        "model": "serverview resource orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.1.1"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.1.0"
      },
      {
        "model": "systemwalker it change manager v14g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "14.1.0"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.4.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.0b"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "12.1.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.1.0"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.1"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.2"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.2.0"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.1"
      },
      {
        "model": "systemwalker security control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.0.0b"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "12.2.0"
      },
      {
        "model": "systemwalker software configuration manager express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.5.0a"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.7.0a"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.1.0b"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.0.0b"
      },
      {
        "model": "systemwalker runbook automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.0"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.2"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.2.0"
      },
      {
        "model": "interstage business application manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.0l20"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.3"
      },
      {
        "model": "systemwalker software configuration manager express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.5.0"
      },
      {
        "model": "systemwalker software configuration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.6.0"
      },
      {
        "model": "interstage business application manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.1"
      },
      {
        "model": "sparc enterprise m5000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.1.1"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.0.0"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.0.1a"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.3.0a"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.1a"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.1e"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.0"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.0b"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.0.0"
      },
      {
        "model": "systemwalker runbook automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.2"
      },
      {
        "model": "systemwalker it change manager v14g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "14.0.0"
      },
      {
        "model": "serverview resource orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.3.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.2.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.3.1"
      },
      {
        "model": "serverview resource orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.4.0"
      },
      {
        "model": "interstage business application manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "2.0.1"
      },
      {
        "model": "systemwalker runbook automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.2a"
      },
      {
        "model": "safeauthor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.1"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.1"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.0.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.3.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.2.0a"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.1b"
      },
      {
        "model": "systemwalker runbook automation v14g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "14.1.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.2"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.0"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.7.0"
      },
      {
        "model": "serverview resource orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.1.0"
      },
      {
        "model": "interstage web server express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.0.0"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.1"
      },
      {
        "model": "interstage business application manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.0l21"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.3e"
      },
      {
        "model": "systemwalker it change manager v14g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "14.0.0a"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.9.0"
      },
      {
        "model": "gps",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage web server express",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.1.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "12.0.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.2e"
      },
      {
        "model": "primergy rx2540 m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "12.2.0"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.2"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.0.1b"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.4.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.3.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.1"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.0.1"
      },
      {
        "model": "primergy rx2530 m5",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker it change manager v14g",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "14.1.1"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "16.0.0a"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.2.0"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.0a"
      },
      {
        "model": "safeauthor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.3"
      },
      {
        "model": "triole cloud middle set b set",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.1.0"
      },
      {
        "model": "systemwalker runbook automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.0"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.1"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.0.1"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.1.0a"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.2"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.1.1"
      },
      {
        "model": "sparc enterprise m3000",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "gp7000f",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.0a"
      },
      {
        "model": "interstage information integrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.3.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.1.0a"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "16.0.1"
      },
      {
        "model": "systemwalker software configuration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.5.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.1.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.1e"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.3"
      },
      {
        "model": "systemwalker security control",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.0.0"
      },
      {
        "model": "serverview resource orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.0.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.0.0"
      },
      {
        "model": "linkexpress",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "v5.0l20"
      },
      {
        "model": "serverview resource orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.1.2"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.0"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.3.0c"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "16.0.0"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.1.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.1.0"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.4.0b"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.0e"
      },
      {
        "model": "systemwalker operation manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "13.8.0"
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.1b"
      },
      {
        "model": "serverview resource orchestrator",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.2.0"
      },
      {
        "model": "primequest",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "12.1.0"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.1a"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.2.0"
      },
      {
        "model": "safeauthor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.6l10"
      },
      {
        "model": "interstage studio",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.0.0"
      },
      {
        "model": "triole cloud middle set b set",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "1.1.1"
      },
      {
        "model": "safeauthor",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "3.0"
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "9.1.0b"
      },
      {
        "model": "interstage information integrator agent",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "11.3.0"
      },
      {
        "model": "interstage list works",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "10.2.0"
      },
      {
        "model": "interstage business application manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "2.0.0"
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.0.0a"
      },
      {
        "model": "systemwalker runbook automation",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.1.1"
      },
      {
        "model": "celsius",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "8.0.0"
      },
      {
        "model": "systemwalker software configuration manager",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fujitsu",
        "version": "15.5.0a"
      },
      {
        "model": "internet navigware enterprise lms server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application development cycle manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage big data complex event processing server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage information integrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage information integrator agent",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage job workload server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage list works",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage mobile application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage web server express",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "linkexpress",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "safeauthor",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "serverview resource orchestrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "symfoware analytics server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "symfoware server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker centric manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker cloud business service management",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker desktop keeper",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker desktop patrol",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker it change manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker operation manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker runbook automation",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker security control",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker software configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker software configuration manager express",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "triole",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "\u30af\u30e9\u30a6\u30c9\u30df\u30c9\u30eb\u30bb\u30c3\u30c8 b\u30bb\u30c3\u30c8"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13163"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:fujitsu:internet_navigware_Enterprise_LMS_Server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_big_data_complex_event_processing_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_information_integrator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_information_integrator_agent",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_list_works",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_mobile_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_web_server_express",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:linkexpress",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:safeauthor",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:serverview_resource_orchestrator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:symfoware_analytics_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:symfoware_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_centric_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_cloud_business_service_management",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_keeper",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_desktop_patrol",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_it_change_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_operation_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_runbook_automation",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_security_control",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager_expres",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:triole",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      }
    ]
  },
  "cve": "CVE-2019-13163",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "CVE-2019-13163",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Network",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 4.3,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002248",
            "impactScore": null,
            "integrityImpact": "None",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.9,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 2.2,
            "id": "CVE-2019-13163",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          {
            "attackComplexity": "High",
            "attackVector": "Network",
            "author": "NVD",
            "availabilityImpact": "None",
            "baseScore": 5.9,
            "baseSeverity": "Medium",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "JVNDB-2020-002248",
            "impactScore": null,
            "integrityImpact": "None",
            "privilegesRequired": "None",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2019-13163",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "NVD",
            "id": "JVNDB-2020-002248",
            "trust": 0.8,
            "value": "Medium"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202002-237",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2019-13163",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-13163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-237"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13163"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The Fujitsu TLS library allows a man-in-the-middle attack. This affects Interstage Application Development Cycle Manager V10 and other versions, Interstage Application Server V12 and other versions, Interstage Business Application Manager V2 and other versions, Interstage Information Integrator V11 and other versions, Interstage Job Workload Server V8, Interstage List Works V10 and other versions, Interstage Studio V12 and other versions, Interstage Web Server Express V11, Linkexpress V5, Safeauthor V3, ServerView Resource Orchestrator V3, Systemwalker Cloud Business Service Management V1, Systemwalker Desktop Keeper V15, Systemwalker Desktop Patrol V15, Systemwalker IT Change Manager V14, Systemwalker Operation Manager V16 and other versions, Systemwalker Runbook Automation V15 and other versions, Systemwalker Security Control V1, and Systemwalker Software Configuration Manager V15. Interstage and Systemwalker Related products etc. TLS For operation TLS Multiple product vulnerabilities related to CVE-2019-13163 ) Exists.A man-in-the-middle attacker between the server and the client could break the encrypted communication",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2019-13163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13163"
      }
    ],
    "trust": 1.71
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2019-13163",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-237",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2019-13163",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-13163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-237"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13163"
      }
    ]
  },
  "id": "VAR-202002-0484",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.26205936
  },
  "last_update_date": "2024-11-23T22:58:22.297000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Interstage\u3084Systemwalker\u95a2\u9023\u88fd\u54c1: TLS\u306b\u95a2\u3059\u308b\u8907\u6570\u88fd\u54c1\u306e\u8106\u5f31\u6027\uff08CVE-2019-13163\uff09(2020\u5e743\u670812\u65e5)",
        "trust": 0.8,
        "url": "https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html"
      },
      {
        "title": "Multiple Fujitsu Product encryption problem vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqById.tag?id=111554"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-237"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-326",
        "trust": 1.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13163"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.7,
        "url": "https://www.fujitsu.com/jp/products/software/resources/condition/security/products-fujitsu/solution/interstage-systemwalker-tls-202001.html"
      },
      {
        "trust": 1.4,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13163"
      },
      {
        "trust": 0.8,
        "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-13163"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/326.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2019-13163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-237"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13163"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2019-13163"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-237"
      },
      {
        "db": "NVD",
        "id": "CVE-2019-13163"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13163"
      },
      {
        "date": "2020-03-09T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "date": "2020-02-07T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-237"
      },
      {
        "date": "2020-02-07T23:15:09.933000",
        "db": "NVD",
        "id": "CVE-2019-13163"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2020-02-27T00:00:00",
        "db": "VULMON",
        "id": "CVE-2019-13163"
      },
      {
        "date": "2020-03-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      },
      {
        "date": "2023-05-17T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202002-237"
      },
      {
        "date": "2024-11-21T04:24:19.820000",
        "db": "NVD",
        "id": "CVE-2019-13163"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-237"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Interstage and  Systemwalker Related product : TLS Vulnerabilities of multiple products in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2020-002248"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "encryption problem",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202002-237"
      }
    ],
    "trust": 0.6
  }
}

var-201404-0286
Vulnerability from variot

ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to "manipulate" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Summary:

A minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Description:

This release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse 7.2, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References.

Security Fix(es):

  • jackson-databind: A deserialization flaw was discovered in the jackson-databind which could allow an unauthenticated user to perform code execution by sending the maliciously crafted input to the readValue method of the ObjectMapper. (CVE-2017-7525)

  • struts2: ClassLoader manipulation via request parameters (CVE-2014-0112)

  • jetty: HTTP request smuggling (CVE-2017-7657)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section. Solution:

Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on.

Installation instructions are available from the Fuse 7.3.0 product documentation page: https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/

  1. Bugs fixed (https://bugzilla.redhat.com/):

1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters 1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper 1595620 - CVE-2017-7657 jetty: HTTP request smuggling

  1. Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

Copyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


               VMware Security Advisory

Advisory ID: VMSA-2014-0007 Synopsis: VMware product updates address security vulnerabilities in Apache Struts library Issue date: 2014-06-24 Updated on: 2014-06-24 (Initial Advisory) CVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112


  1. Summary

    VMware product updates address security vulnerabilities in Apache Struts library

  2. Relevant releases

    VMware vCenter Operations Management Suite prior to 5.8.2

  3. Problem Description

a. The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the names CVE-2014-0050, CVE-2014-0094, and
  CVE-2014-0112 to these issues.

  CVE-2014-0112 may lead to remote code execution. This issue was 
  found to be only partially addressed in CVE-2014-0094.

  CVE-2014-0050 may lead to a denial of service condition.

  vCenter Operations Management Suite (vCOps) is affected by both 
  CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112
  may lead to remote code execution without authentication.

  vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not 
  by CVE-2014-0112.

  Workaround

  A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
  article 2081470.


  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running Replace with/
  Product        Version    on  Apply Patch
  =============  =======    ======= =================
  vCOPS      5.8.x  any     vCOPS 5.8.2
  vCOPS          5.7.x      any     patch pending *

  vCO            5.5        any     patch pending
  vCO            5.1        any     patch pending
  vCO            4.2        any     patch pending

  *Customers are advised to apply the workaround or update to vCOps

5.8.2.

  1. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

vCenter Operations Management Suite 5.8.2


Downloads and Documentation: https://www.vmware.com/go/download-vcops

  1. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112

http://kb.vmware.com/kb/2081470


  1. Change log

2014-06-24 VMSA-2014-0007 Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24.


  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

Copyright 2014 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8

wj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM CZ5+DYZAydCjMwVgtKqoo7Y= =Vwu5 -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201404-0286",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "struts",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.0"
      },
      {
        "model": "struts",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.3.16.2"
      },
      {
        "model": null,
        "scope": null,
        "trust": 0.8,
        "vendor": "apache struts",
        "version": null
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "apache",
        "version": "2.0.0 to 2.3.16.1"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 for x86(32bit)"
      },
      {
        "model": "asianux server",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "cybertrust",
        "version": "3 for x86_64(64bit)"
      },
      {
        "model": "cloud infrastructure management software",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "integrated system ha database ready",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business analytics modeling server"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business process manager analytics"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "extreme transaction processing server"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "mobile manager"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application framework suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage interaction manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage job workload server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage service integrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "serverview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "resource orchestrator"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "analytics server"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "server"
      },
      {
        "model": "systemwalker service catalog manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker service quality coordinator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker software configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "triole",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "cloudmiddleset b set"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.8"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.7"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.4.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.16.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.15"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.4"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.6"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.14"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.12"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.10"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.9"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.7"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.6"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.4"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.4"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.13"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#719225"
      },
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:struts",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/o:misc:miraclelinux_asianux_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_interaction_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:serverview",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:symfoware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:triole",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Red Hat",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      }
    ],
    "trust": 0.7
  },
  "cve": "CVE-2014-0112",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "PARTIAL",
            "baseScore": 7.5,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0112",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "HIGH",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "availabilityRequirement": "NOT DEFINED",
            "baseScore": 7.5,
            "collateralDamagePotential": "LOW",
            "confidentialityImpact": "PARTIAL",
            "confidentialityRequirement": "NOT DEFINED",
            "enviromentalScore": 6.9,
            "exploitability": "HIGH",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0094",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "integrityRequirement": "NOT DEFINED",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "remediationLevel": "OFFICIAL FIX",
            "reportConfidence": "CONFIRMED",
            "severity": "HIGH",
            "targetDistribution": "HIGH",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vector_string": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Network",
            "authentication": "None",
            "author": "IPA",
            "availabilityImpact": "Partial",
            "baseScore": 7.5,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "JVNDB-2014-000045",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0112",
            "trust": 1.0,
            "value": "HIGH"
          },
          {
            "author": "NVD",
            "id": "CVE-2014-0094",
            "trust": 0.8,
            "value": "HIGH"
          },
          {
            "author": "IPA",
            "id": "JVNDB-2014-000045",
            "trust": 0.8,
            "value": "High"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201404-445",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0112",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#719225"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "ParametersInterceptor in Apache Struts before 2.3.20 does not properly restrict access to the getClass method, which allows remote attackers to \"manipulate\" the ClassLoader and execute arbitrary code via a crafted request. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-0094. Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Summary:\n\nA minor version update (from 7.2 to 7.3) is now available for Red Hat Fuse. \nThe purpose of this text-only errata is to inform you about the security\nissues fixed in this release. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. Description:\n\nThis release of Red Hat Fuse 7.3 serves as a replacement for Red Hat Fuse\n7.2, and includes bug fixes and enhancements, which are documented in the\nRelease Notes document linked to in the References. \n\nSecurity Fix(es):\n\n* jackson-databind: A deserialization flaw was discovered in the\njackson-databind which could allow an unauthenticated user to perform code\nexecution by sending the maliciously crafted input to the readValue method\nof the ObjectMapper. (CVE-2017-7525)\n\n* struts2: ClassLoader manipulation via request parameters (CVE-2014-0112)\n\n* jetty: HTTP request smuggling (CVE-2017-7657)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, and other related information, refer to the CVE page(s) listed in\nthe References section. Solution:\n\nBefore applying the update, back up your existing installation, including\nall applications, configuration files, databases and database settings, and\nso on. \n\nInstallation instructions are available from the Fuse 7.3.0 product\ndocumentation page:\nhttps://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/\n\n4. Bugs fixed (https://bugzilla.redhat.com/):\n\n1091939 - CVE-2014-0112 struts2: ClassLoader manipulation via request parameters\n1462702 - CVE-2017-7525 jackson-databind: Deserialization vulnerability via readValue method of ObjectMapper\n1595620 - CVE-2017-7657 jetty: HTTP request smuggling\n\n5. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2019 Red Hat, Inc. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID: VMSA-2014-0007\nSynopsis:    VMware product updates address security vulnerabilities in \n             Apache Struts library \nIssue date:  2014-06-24\nUpdated on:  2014-06-24 (Initial Advisory)\nCVE number:  CVE-2014-0050, CVE-2014-0094, CVE-2014-0112\n- ------------------------------------------------------------------------\n\n1. Summary\n\n    VMware product updates address security vulnerabilities in Apache \n    Struts library\n\n2. Relevant releases\n\n    VMware vCenter Operations Management Suite prior to 5.8.2\n\n3. Problem Description\n\n   a. The Apache Struts library is updated to version 2.3.16.2 to \n      address multiple security issues. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the names CVE-2014-0050, CVE-2014-0094, and\n      CVE-2014-0112 to these issues. \n\n      CVE-2014-0112 may lead to remote code execution. This issue was \n      found to be only partially addressed in CVE-2014-0094. \n\n      CVE-2014-0050 may lead to a denial of service condition. \n\n      vCenter Operations Management Suite (vCOps) is affected by both \n      CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112\n      may lead to remote code execution without authentication. \n\n      vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n      by CVE-2014-0112. \n\n      Workaround\n\n      A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n      article 2081470. \n\n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product\tRunning\tReplace with/\n      Product        Version\ton\tApply Patch\n      =============  =======\t=======\t=================\n      vCOPS\t     5.8.x \tany \tvCOPS 5.8.2\n      vCOPS          5.7.x      any     patch pending *\n\n      vCO            5.5        any     patch pending\n      vCO            5.1        any     patch pending\n      vCO            4.2        any     patch pending\n\n      *Customers are advised to apply the workaround or update to vCOps\n5.8.2. \n\n4. Solution\n\n   Please review the patch/release notes for your product and version \n   and verify the checksum of your downloaded file. \n\n   vCenter Operations Management Suite 5.8.2\n   -----------------------------------------\n   Downloads and Documentation:\n   https://www.vmware.com/go/download-vcops\n   \n5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112\n\n   http://kb.vmware.com/kb/2081470\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n   2014-06-24 VMSA-2014-0007\n   Initial security advisory in conjunction with the release of vCenter\n   Operations Management Suite 5.8.2 on 2014-06-24. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2014 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.2 (Build 15337)\nCharset: utf-8\n\nwj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM\nCZ5+DYZAydCjMwVgtKqoo7Y=\n=Vwu5\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      },
      {
        "db": "CERT/CC",
        "id": "VU#719225"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      }
    ],
    "trust": 2.88
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://www.kb.cert.org/vuls/id/719225",
        "trust": 0.8,
        "type": "unknown"
      },
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=33142",
        "trust": 0.2,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#719225"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0112",
        "trust": 3.0
      },
      {
        "db": "JVN",
        "id": "JVN19294237",
        "trust": 2.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045",
        "trust": 2.5
      },
      {
        "db": "BID",
        "id": "67064",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "127215",
        "trust": 1.8
      },
      {
        "db": "SECUNIA",
        "id": "59500",
        "trust": 1.7
      },
      {
        "db": "SECUNIA",
        "id": "59178",
        "trust": 1.7
      },
      {
        "db": "CERT/CC",
        "id": "VU#719225",
        "trust": 1.6
      },
      {
        "db": "PACKETSTORM",
        "id": "152687",
        "trust": 0.7
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2019.1493",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445",
        "trust": 0.6
      },
      {
        "db": "EXPLOITDB",
        "id": "33142",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0112",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#719225"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "id": "VAR-201404-0286",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1875
  },
  "last_update_date": "2024-11-23T20:43:10.110000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Announcements - 2013 24 April 2014 - Struts up to 2.3.16.1: Zero-Day Exploit Mitigation",
        "trust": 0.8,
        "url": "http://struts.apache.org/announce.html#a20140424"
      },
      {
        "title": "Security Bulletins S2-020",
        "trust": 0.8,
        "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
      },
      {
        "title": "Security Bulletins S2-021",
        "trust": 0.8,
        "url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html"
      },
      {
        "title": "Download a Release of Apache Struts -- Full Releases Struts 2.3.16.2",
        "trust": 0.8,
        "url": "http://struts.apache.org/download.cgi#struts23162"
      },
      {
        "title": "struts-1.2.9-4jpp.8.AXS3 ",
        "trust": 0.8,
        "url": "https://tsn.miraclelinux.com/tsn_local/index.php?m=errata\u0026a=detail\u0026eid=3678\u0026sType=\u0026sProduct=\u0026published=1"
      },
      {
        "title": "Interstage Application Development Cycle Manager(ADM): Apache Struts vulnerable (CVE-2014-0094)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_aplidevcyclemgr_201401.html"
      },
      {
        "title": "CVE-2014-0094, CVE-2014-0114: Apache Struts vulnerable to ClassLoader manipulation",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/cve2014-0094-0114e.html"
      },
      {
        "title": "Interstage Business Process Manager Analytics, Systemwalker Service Quality Coordinator: Vulnerability of allowing attackers to \"manipulate\" the ClassLoader (CVE-2014-0094). May 20th, 2014",
        "trust": 0.8,
        "url": "http://www.fujitsu.com/global/support/products/software/security/products-f/interstage-bpma201401e.html"
      },
      {
        "title": "Symfoware Server (Open Interface) : Security vulnerabilities of Struts (CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html"
      },
      {
        "title": "Interstage Interaction Manager: Struts1 vulnerability (CVE-2014-0094)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_im_201401.html"
      },
      {
        "title": "Interstage Mobile Manager: Struts1 vulnerability (CVE-2014-0094)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_mm_201401.html"
      },
      {
        "title": "FUJITSU Integrated System HA Database Ready: Struts2 vulnerabilities (CVE-2014-0094,CVE-2014-0112,CVE-2014-0113,CVE-2014-0116)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/ha_db_ready_201401.html"
      },
      {
        "title": "1680848",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21680848"
      },
      {
        "title": "1681190",
        "trust": 0.8,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21681190"
      },
      {
        "title": "2081470",
        "trust": 0.8,
        "url": "http://kb.vmware.com/selfservice/microsites/search.do?language=en_US\u0026cmd=displayKC\u0026externalId=2081470"
      },
      {
        "title": "NV15-001",
        "trust": 0.8,
        "url": "http://jpn.nec.com/security-info/secinfo/nv15-001.html"
      },
      {
        "title": "Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "title": "Text Form of Oracle Critical Patch Update - April 2015 Risk Matrices",
        "trust": 0.8,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015verbose-2365613.html"
      },
      {
        "title": "Bug 1091939",
        "trust": 0.8,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939"
      },
      {
        "title": "Huawei-SA-20140707-01-Struts2",
        "trust": 0.8,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
      },
      {
        "title": "April 2015 Critical Patch Update Released",
        "trust": 0.8,
        "url": "https://blogs.oracle.com/security/entry/april_2015_critical_patch_update"
      },
      {
        "title": "Alert/Advisory: Multiple Vulnerabilities in Apache Struts on Trend Micro Products",
        "trust": 0.8,
        "url": "http://esupport.trendmicro.com/solution/ja-JP/1103321.aspx"
      },
      {
        "title": "VMSA-2014-0007",
        "trust": 0.8,
        "url": "http://www.vmware.com/security/advisories/VMSA-2014-0007.html"
      },
      {
        "title": "Red Hat: Important: Red Hat Fuse 7.3 security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20190910 - Security Advisory"
      },
      {
        "title": "Red Hat: CVE-2014-0112",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0112"
      },
      {
        "title": "VMware Security Advisories: VMware product updates address security vulnerabilities in Apache Struts library",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=3f8f92a767d3e2773247be2d5077cbee"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "strutt-cve-2014-0114",
        "trust": 0.1,
        "url": "https://github.com/anob3it/strutt-cve-2014-0114 "
      },
      {
        "title": "-maven-security-versions",
        "trust": 0.1,
        "url": "https://github.com/nagauker/-maven-security-versions "
      },
      {
        "title": "maven-security-versions-Travis",
        "trust": 0.1,
        "url": "https://github.com/klee94/maven-security-versions-Travis "
      },
      {
        "title": "maven-security-versions",
        "trust": 0.1,
        "url": "https://github.com/victims/maven-security-versions "
      },
      {
        "title": "victims",
        "trust": 0.1,
        "url": "https://github.com/tmpgit3000/victims "
      },
      {
        "title": "victims",
        "trust": 0.1,
        "url": "https://github.com/alexsh88/victims "
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-264",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-DesignError",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.5,
        "url": "http://jvn.jp/en/jp/jvn19294237/index.html"
      },
      {
        "trust": 2.5,
        "url": "https://access.redhat.com/errata/rhsa-2019:0910"
      },
      {
        "trust": 2.4,
        "url": "http://www.securityfocus.com/bid/67064"
      },
      {
        "trust": 2.3,
        "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html"
      },
      {
        "trust": 2.3,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
      },
      {
        "trust": 1.7,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000045"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1091939"
      },
      {
        "trust": 1.7,
        "url": "https://cwiki.apache.org/confluence/display/ww/s2-021"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59500"
      },
      {
        "trust": 1.7,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 1.7,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706"
      },
      {
        "trust": 1.7,
        "url": "http://secunia.com/advisories/59178"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
      },
      {
        "trust": 1.7,
        "url": "http://www.securityfocus.com/archive/1/531952/100/0/threaded"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112"
      },
      {
        "trust": 0.8,
        "url": "http://struts.apache.org/announce.html#a20140424"
      },
      {
        "trust": 0.8,
        "url": "http://blog.trendmicro.com/trendlabs-security-intelligence/chinese-underground-creates-tool-exploiting-apache-struts-vulnerability/"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0094"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0112"
      },
      {
        "trust": 0.8,
        "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/"
      },
      {
        "trust": 0.8,
        "url": "http://www.kb.cert.org/vuls/id/719225"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/152687/red-hat-security-advisory-2019-0910-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/80006"
      },
      {
        "trust": 0.3,
        "url": "http://struts.apache.org/"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2014-0112"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/264.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/vmware-patches-apache-struts-flaws-in-vcops/106858/"
      },
      {
        "trust": 0.1,
        "url": "https://www.exploit-db.com/exploits/33142/"
      },
      {
        "trust": 0.1,
        "url": "http://tools.cisco.com/security/center/viewalert.x?alertid=38390"
      },
      {
        "trust": 0.1,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7657"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/html-single/release_notes/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-7525"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2017-7525"
      },
      {
        "trust": 0.1,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2017-7657"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/jbossnetwork/restricted/listsoftware.html?downloadtype=distributions\u0026product=jboss.fuse\u0026version=7.3.0"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/documentation/en-us/red_hat_fuse/7.3/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2081470"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/download-vcops"
      }
    ],
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#719225"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "CERT/CC",
        "id": "VU#719225"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "db": "BID",
        "id": "67064"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-04-25T00:00:00",
        "db": "CERT/CC",
        "id": "VU#719225"
      },
      {
        "date": "2014-04-29T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "BID",
        "id": "67064"
      },
      {
        "date": "2014-04-25T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "date": "2019-04-30T16:20:15",
        "db": "PACKETSTORM",
        "id": "152687"
      },
      {
        "date": "2014-06-25T21:34:12",
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "date": "2014-04-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "date": "2014-04-29T10:37:03.670000",
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-07-24T00:00:00",
        "db": "CERT/CC",
        "id": "VU#719225"
      },
      {
        "date": "2019-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0112"
      },
      {
        "date": "2015-04-16T18:14:00",
        "db": "BID",
        "id": "67064"
      },
      {
        "date": "2015-05-08T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-000045"
      },
      {
        "date": "2019-08-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      },
      {
        "date": "2024-11-21T02:01:23.690000",
        "db": "NVD",
        "id": "CVE-2014-0112"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apache Struts2 ClassLoader allows access to class properties via request parameters",
    "sources": [
      {
        "db": "CERT/CC",
        "id": "VU#719225"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "permissions and access control issues",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201404-445"
      }
    ],
    "trust": 0.6
  }
}

var-201403-0506
Vulnerability from variot

The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to "manipulate" the ClassLoader via the class parameter, which is passed to the getClass method. ** Delete ** This case JVNDB-2014-000045 It was removed because it was found to be duplicated. JVNDB-2014-000045 Please refer to. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. Apache Struts versions 2.0.0 through 2.3.16 are vulnerable. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1


               VMware Security Advisory

Advisory ID: VMSA-2014-0007 Synopsis: VMware product updates address security vulnerabilities in Apache Struts library Issue date: 2014-06-24 Updated on: 2014-06-24 (Initial Advisory) CVE number: CVE-2014-0050, CVE-2014-0094, CVE-2014-0112


  1. Summary

    VMware product updates address security vulnerabilities in Apache Struts library

  2. Relevant releases

    VMware vCenter Operations Management Suite prior to 5.8.2

  3. Problem Description

a. The Apache Struts library is updated to version 2.3.16.2 to address multiple security issues.

  The Common Vulnerabilities and Exposures project (cve.mitre.org)
  has assigned the names CVE-2014-0050, CVE-2014-0094, and
  CVE-2014-0112 to these issues.

  CVE-2014-0112 may lead to remote code execution. This issue was 
  found to be only partially addressed in CVE-2014-0094.

  CVE-2014-0050 may lead to a denial of service condition.

  vCenter Operations Management Suite (vCOps) is affected by both 
  CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112
  may lead to remote code execution without authentication.

  vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not 
  by CVE-2014-0112.

  Workaround

  A workaround for CVE-2014-0112 is documented in VMware Knowledge Base
  article 2081470.


  Column 4 of the following table lists the action required to
  remediate the vulnerability in each release, if a solution is 
  available.

  VMware         Product    Running Replace with/
  Product        Version    on  Apply Patch
  =============  =======    ======= =================
  vCOPS      5.8.x  any     vCOPS 5.8.2
  vCOPS          5.7.x      any     patch pending *

  vCO            5.5        any     patch pending
  vCO            5.1        any     patch pending
  vCO            4.2        any     patch pending

  *Customers are advised to apply the workaround or update to vCOps

5.8.2.

  1. Solution

Please review the patch/release notes for your product and version and verify the checksum of your downloaded file.

vCenter Operations Management Suite 5.8.2


Downloads and Documentation: https://www.vmware.com/go/download-vcops

  1. References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112

http://kb.vmware.com/kb/2081470


  1. Change log

2014-06-24 VMSA-2014-0007 Initial security advisory in conjunction with the release of vCenter Operations Management Suite 5.8.2 on 2014-06-24.


  1. Contact

E-mail list for product security notifications and announcements: http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce

This Security Advisory is posted to the following lists:

security-announce at lists.vmware.com
bugtraq at securityfocus.com
fulldisclosure at seclists.org

E-mail: security at vmware.com PGP key at: http://kb.vmware.com/kb/1055

VMware Security Advisories http://www.vmware.com/security/advisories

VMware Security Response Policy https://www.vmware.com/support/policies/security_response.html

VMware Lifecycle Support Phases https://www.vmware.com/support/policies/lifecycle.html

Twitter https://twitter.com/VMwareSRC

Copyright 2014 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE----- Version: Encryption Desktop 10.3.2 (Build 15337) Charset: utf-8

wj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM CZ5+DYZAydCjMwVgtKqoo7Y= =Vwu5 -----END PGP SIGNATURE-----

Show details on source website


{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201403-0506",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "struts",
        "scope": "lt",
        "trust": 1.8,
        "vendor": "apache",
        "version": "2.3.16.1"
      },
      {
        "model": "struts",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apache",
        "version": "2.0.0"
      },
      {
        "model": "integrated system ha database ready",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business analytics modeling server"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "business process manager analytics"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "extreme transaction processing server"
      },
      {
        "model": "interstage",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "mobile manager"
      },
      {
        "model": "interstage application development cycle manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application framework suite",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage apworks",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage business application server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage job workload server",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage service integrator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "interstage studio",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "serverview",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "resource orchestrator"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "analytics server"
      },
      {
        "model": "symfoware",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "server"
      },
      {
        "model": "systemwalker service catalog manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker service quality coordinator",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "systemwalker software configuration manager",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "triole",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": "cloud middle set  b set"
      },
      {
        "model": "cloud infrastructure management software",
        "scope": null,
        "trust": 0.8,
        "vendor": "fujitsu",
        "version": null
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.12"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14.2"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.0.11.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.15.1"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.15.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.14.3"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.3.15"
      },
      {
        "model": "struts",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "apache",
        "version": "2.0.11.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.0"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.11"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.7"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.4"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.6"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.14"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.9"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.1.0"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.8"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.3.1.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.8.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.4"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.2"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.12"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.1.6"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.13"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.10"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11.2"
      },
      {
        "model": "storwize unified",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "ibm",
        "version": "v70001.3.0.5"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.0.11.1"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2.3"
      },
      {
        "model": "software foundation struts",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "apache",
        "version": "2.2"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0094"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "cpe_match": [
              {
                "cpe22Uri": "cpe:/a:apache:struts",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_framework_suite",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_apworks",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_business_application_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_job_workload_server",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_service_integrator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:interstage_studio",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:serverview",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:symfoware",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:triole",
                "vulnerable": true
              },
              {
                "cpe22Uri": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Mark Thomas and Przemyslaw Celej",
    "sources": [
      {
        "db": "BID",
        "id": "65999"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2014-0094",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 10.0,
            "id": "CVE-2014-0094",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2014-0094",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201403-191",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2014-0094",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0094"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0094"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The ParametersInterceptor in Apache Struts before 2.3.16.2 allows remote attackers to \"manipulate\" the ClassLoader via the class parameter, which is passed to the getClass method. ** Delete ** This case JVNDB-2014-000045 It was removed because it was found to be duplicated. JVNDB-2014-000045 Please refer to. Apache Struts is prone to a security-bypass vulnerability because it fails to adequately handle user-supplied input. \nAn attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions. This may lead to further attacks. \nApache Struts versions 2.0.0 through 2.3.16 are vulnerable. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA1\n\n- ------------------------------------------------------------------------\n                   VMware Security Advisory\n\nAdvisory ID: VMSA-2014-0007\nSynopsis:    VMware product updates address security vulnerabilities in \n             Apache Struts library \nIssue date:  2014-06-24\nUpdated on:  2014-06-24 (Initial Advisory)\nCVE number:  CVE-2014-0050, CVE-2014-0094, CVE-2014-0112\n- ------------------------------------------------------------------------\n\n1. Summary\n\n    VMware product updates address security vulnerabilities in Apache \n    Struts library\n\n2. Relevant releases\n\n    VMware vCenter Operations Management Suite prior to 5.8.2\n\n3. Problem Description\n\n   a. The Apache Struts library is updated to version 2.3.16.2 to \n      address multiple security issues. \n\n      The Common Vulnerabilities and Exposures project (cve.mitre.org)\n      has assigned the names CVE-2014-0050, CVE-2014-0094, and\n      CVE-2014-0112 to these issues. \n\n      CVE-2014-0112 may lead to remote code execution. This issue was \n      found to be only partially addressed in CVE-2014-0094. \n\n      CVE-2014-0050 may lead to a denial of service condition. \n\n      vCenter Operations Management Suite (vCOps) is affected by both \n      CVE-2014-0112 and CVE-2014-0050. Exploitation of CVE-2014-0112\n      may lead to remote code execution without authentication. \n\n      vCenter Orchestrator (vCO) is affected by CVE-2014-0050 and not \n      by CVE-2014-0112. \n\n      Workaround\n\n      A workaround for CVE-2014-0112 is documented in VMware Knowledge Base\n      article 2081470. \n\n\n      Column 4 of the following table lists the action required to\n      remediate the vulnerability in each release, if a solution is \n      available. \n\n      VMware         Product\tRunning\tReplace with/\n      Product        Version\ton\tApply Patch\n      =============  =======\t=======\t=================\n      vCOPS\t     5.8.x \tany \tvCOPS 5.8.2\n      vCOPS          5.7.x      any     patch pending *\n\n      vCO            5.5        any     patch pending\n      vCO            5.1        any     patch pending\n      vCO            4.2        any     patch pending\n\n      *Customers are advised to apply the workaround or update to vCOps\n5.8.2. \n\n4. Solution\n\n   Please review the patch/release notes for your product and version \n   and verify the checksum of your downloaded file. \n\n   vCenter Operations Management Suite 5.8.2\n   -----------------------------------------\n   Downloads and Documentation:\n   https://www.vmware.com/go/download-vcops\n   \n5. References\n\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0050\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094\n   http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112\n\n   http://kb.vmware.com/kb/2081470\n\n- ------------------------------------------------------------------------\n\n6. Change log\n\n   2014-06-24 VMSA-2014-0007\n   Initial security advisory in conjunction with the release of vCenter\n   Operations Management Suite 5.8.2 on 2014-06-24. \n\n- ------------------------------------------------------------------------\n\n7. Contact\n\n   E-mail list for product security notifications and announcements:\n   http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce\n\n   This Security Advisory is posted to the following lists:\n\n    security-announce at lists.vmware.com\n    bugtraq at securityfocus.com\n    fulldisclosure at seclists.org\n\n   E-mail: security at vmware.com\n   PGP key at: http://kb.vmware.com/kb/1055\n\n   VMware Security Advisories\n   http://www.vmware.com/security/advisories\n\n   VMware Security Response Policy\n   https://www.vmware.com/support/policies/security_response.html\n\n   VMware Lifecycle Support Phases\n   https://www.vmware.com/support/policies/lifecycle.html\n \n   Twitter\n   https://twitter.com/VMwareSRC\n\n   Copyright 2014 VMware Inc.  All rights reserved. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: Encryption Desktop 10.3.2 (Build 15337)\nCharset: utf-8\n\nwj8DBQFTqi0BDEcm8Vbi9kMRAnCKAJ9otVO7DlXuMnSEGh2TLBzS5hniKgCeMnAM\nCZ5+DYZAydCjMwVgtKqoo7Y=\n=Vwu5\n-----END PGP SIGNATURE-----\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0094"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      },
      {
        "db": "BID",
        "id": "65999"
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0094"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      }
    ],
    "trust": 2.07
  },
  "exploit_availability": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "reference": "https://vulmon.com/exploitdetails?qidtp=exploitdb\u0026qid=41690",
        "trust": 0.2,
        "type": "exploit"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0094"
      }
    ]
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2014-0094",
        "trust": 2.9
      },
      {
        "db": "SECTRACK",
        "id": "1029876",
        "trust": 2.4
      },
      {
        "db": "BID",
        "id": "65999",
        "trust": 1.9
      },
      {
        "db": "PACKETSTORM",
        "id": "127215",
        "trust": 1.7
      },
      {
        "db": "JVN",
        "id": "JVN19294237",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "56440",
        "trust": 1.6
      },
      {
        "db": "SECUNIA",
        "id": "59178",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-000045",
        "trust": 1.6
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001603",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-191",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2014-0094",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0094"
      },
      {
        "db": "BID",
        "id": "65999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0094"
      }
    ]
  },
  "id": "VAR-201403-0506",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VARIoT devices database",
        "id": null
      }
    ],
    "trust": 0.1875
  },
  "last_update_date": "2024-11-23T20:28:33.827000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "S2-021",
        "trust": 0.8,
        "url": "http://struts.apache.org/release/2.3.x/docs/s2-021.html"
      },
      {
        "title": "S2-020",
        "trust": 0.8,
        "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
      },
      {
        "title": "CVE-2014-0094 \u4ed6 \u306b\u95a2\u3059\u308b\u5f71\u97ff",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/vulnerabilities/cve2014-0094-0114.html"
      },
      {
        "title": "Interstage BPMA\u4ed6 CVE-2014-0094",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_bpma201401.html"
      },
      {
        "title": "Interstage Application Development Cycle Manager(ADM): struts\u306e\u8106\u5f31\u6027(CVE-2014-0094) (2014\u5e745\u670827\u65e5)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_aplidevcyclemgr_201401.html"
      },
      {
        "title": "Symfoware Server\uff08Open\u30a4\u30f3\u30bf\u30d5\u30a7\u30fc\u30b9\uff09: Struts\u306e\u8106\u5f31\u6027(CVE-2014-0094, CVE-2014-0112, CVE-2014-0113, CVE-2014-0116) (2014\u5e746\u67082\u65e5)",
        "trust": 0.8,
        "url": "http://software.fujitsu.com/jp/security/products-fujitsu/solution/symfoware_201402.html"
      },
      {
        "title": "struts-2.3.16.1-all",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=48603"
      },
      {
        "title": "Debian CVElist Bug Report Logs: libstruts1.2-java: CVE-2014-0114",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs\u0026qid=96f4091aa31a0ece729fdcb110066df5"
      },
      {
        "title": "Red Hat: CVE-2014-0094",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database\u0026qid=CVE-2014-0094"
      },
      {
        "title": "VMware Security Advisories: VMware product updates address security vulnerabilities in Apache Struts library",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=vmware_security_advisories\u0026qid=3f8f92a767d3e2773247be2d5077cbee"
      },
      {
        "title": "Oracle: Oracle Critical Patch Update Advisory - April 2015",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=oracle_advisories\u0026qid=4b527561ba1a5de7a529c8a93679f585"
      },
      {
        "title": "CVE-2014-0094-test-program-for-struts1",
        "trust": 0.1,
        "url": "https://github.com/HasegawaTadamitsu/CVE-2014-0094-test-program-for-struts1 "
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0094"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2014-0094"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.4,
        "url": "http://www.securitytracker.com/id/1029876"
      },
      {
        "trust": 1.6,
        "url": "http://jvn.jp/en/jp/jvn19294237/index.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/532549/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://jvndb.jvn.jp/jvndb/jvndb-2014-000045"
      },
      {
        "trust": 1.6,
        "url": "http://www.vmware.com/security/advisories/vmsa-2014-0007.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/archive/1/531362/100/0/threaded"
      },
      {
        "trust": 1.6,
        "url": "http://www.huawei.com/en/security/psirt/security-bulletins/security-advisories/hw-350733.htm"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/59178"
      },
      {
        "trust": 1.6,
        "url": "http://www-01.ibm.com/support/docview.wss?uid=swg21676706"
      },
      {
        "trust": 1.6,
        "url": "http://secunia.com/advisories/56440"
      },
      {
        "trust": 1.6,
        "url": "http://www.securityfocus.com/bid/65999"
      },
      {
        "trust": 1.6,
        "url": "http://packetstormsecurity.com/files/127215/vmware-security-advisory-2014-0007.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new"
      },
      {
        "trust": 1.6,
        "url": "http://struts.apache.org/release/2.3.x/docs/s2-020.html"
      },
      {
        "trust": 1.6,
        "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html"
      },
      {
        "trust": 0.9,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0094"
      },
      {
        "trust": 0.8,
        "url": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-0094"
      },
      {
        "trust": 0.3,
        "url": "http://struts.apache.org/"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0050"
      },
      {
        "trust": 0.1,
        "url": "https://twitter.com/vmwaresrc"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0112"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/lifecycle.html"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/2081470"
      },
      {
        "trust": 0.1,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-0112"
      },
      {
        "trust": 0.1,
        "url": "http://kb.vmware.com/kb/1055"
      },
      {
        "trust": 0.1,
        "url": "http://lists.vmware.com/cgi-bin/mailman/listinfo/security-announce"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/support/policies/security_response.html"
      },
      {
        "trust": 0.1,
        "url": "http://www.vmware.com/security/advisories"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0050"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2014-0094"
      },
      {
        "trust": 0.1,
        "url": "https://www.vmware.com/go/download-vcops"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "65999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0094"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULMON",
        "id": "CVE-2014-0094"
      },
      {
        "db": "BID",
        "id": "65999"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      },
      {
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      },
      {
        "db": "NVD",
        "id": "CVE-2014-0094"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-03-11T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0094"
      },
      {
        "date": "2014-03-06T00:00:00",
        "db": "BID",
        "id": "65999"
      },
      {
        "date": "2014-03-12T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      },
      {
        "date": "2014-06-25T21:34:12",
        "db": "PACKETSTORM",
        "id": "127215"
      },
      {
        "date": "2014-03-12T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      },
      {
        "date": "2014-03-11T13:00:37.107000",
        "db": "NVD",
        "id": "CVE-2014-0094"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2019-08-12T00:00:00",
        "db": "VULMON",
        "id": "CVE-2014-0094"
      },
      {
        "date": "2015-07-15T00:14:00",
        "db": "BID",
        "id": "65999"
      },
      {
        "date": "2014-06-03T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      },
      {
        "date": "2019-08-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      },
      {
        "date": "2024-11-21T02:01:20.827000",
        "db": "NVD",
        "id": "CVE-2014-0094"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "remote",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "** Delete  ** Apache Struts of  ParametersInterceptor In  ClassLoader Vulnerability manipulated",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2014-001603"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201403-191"
      }
    ],
    "trust": 0.6
  }
}

jvndb-2014-000045
Vulnerability from jvndb
Published
2014-04-25 15:37
Modified
2015-05-08 18:01
Severity ?
() - -
Summary
Apache Struts vulnerable to ClassLoader manipulation
Details
Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated. NTT-CERT reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
Show details on JVN DB website


{
  "@rdf:about": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000045.html",
  "dc:date": "2015-05-08T18:01+09:00",
  "dcterms:issued": "2014-04-25T15:37+09:00",
  "dcterms:modified": "2015-05-08T18:01+09:00",
  "description": "Apache Struts provided by the Apache Software Foundation is a software framework for creating Java web applications. Apache Struts contains a vulnerability where the ClassLoader may be manipulated.\r\n\r\nNTT-CERT reported this vulnerability to IPA.\r\n JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.",
  "link": "https://jvndb.jvn.jp/en/contents/2014/JVNDB-2014-000045.html",
  "sec:cpe": [
    {
      "#text": "cpe:/a:apache:struts",
      "@product": "Apache Struts",
      "@vendor": "Apache Software Foundation",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:cloud_infrastructure_management_software",
      "@product": "Cloud Infrastructure Management Software",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:integrated_system_ha_database_ready",
      "@product": "FUJITSU Integrated System HA Database Ready",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage",
      "@product": "Interstage",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_development_cycle_manager",
      "@product": "Interstage Application Development Cycle Manager",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_framework_suite",
      "@product": "Interstage Application Framework Suite",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_application_server",
      "@product": "Interstage Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_apworks",
      "@product": "Interstage Apworks",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_business_application_server",
      "@product": "Interstage Business Application Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_interaction_manager",
      "@product": "Interstage Interaction Manager",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_job_workload_server",
      "@product": "Interstage Job Workload Server",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_service_integrator",
      "@product": "Interstage Service Integrator",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:interstage_studio",
      "@product": "Interstage Studio",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:serverview",
      "@product": "ServerView",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:symfoware",
      "@product": "Symfoware",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:systemwalker_service_catalog_manager",
      "@product": "Systemwalker Service Catalog Manager",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:systemwalker_service_quality_coordinator",
      "@product": "Systemwalker Service Quality Coordinator",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:systemwalker_software_configuration_manager",
      "@product": "Systemwalker Software Configuration Manager",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/a:fujitsu:triole",
      "@product": "TRIOLE",
      "@vendor": "FUJITSU",
      "@version": "2.2"
    },
    {
      "#text": "cpe:/o:misc:miraclelinux_asianux_server",
      "@product": "Asianux Server",
      "@vendor": "Cybertrust Japan Co., Ltd.",
      "@version": "2.2"
    }
  ],
  "sec:cvss": {
    "@score": "7.5",
    "@severity": "High",
    "@type": "Base",
    "@vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
    "@version": "2.0"
  },
  "sec:identifier": "JVNDB-2014-000045",
  "sec:references": [
    {
      "#text": "http://jvn.jp/en/jp/JVN19294237/index.html",
      "@id": "JVN#19294237",
      "@source": "JVN"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0094",
      "@id": "CVE-2014-0094",
      "@source": "CVE"
    },
    {
      "#text": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-0112",
      "@id": "CVE-2014-0112",
      "@source": "CVE"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0094",
      "@id": "CVE-2014-0094",
      "@source": "NVD"
    },
    {
      "#text": "http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0112",
      "@id": "CVE-2014-0112",
      "@source": "NVD"
    },
    {
      "#text": "http://www.ipa.go.jp/security/ciadr/vul/20140417-struts.html",
      "@id": "[Updated] Security Alert for Vulnerability in the \"Apache Struts2\" (CVE-2014-0094)(S2-020)",
      "@source": "IPA SECURITY ALERTS"
    },
    {
      "#text": "http://www.kb.cert.org/vuls/id/719225",
      "@id": "VU#719225",
      "@source": "CERT-VN"
    },
    {
      "#text": "http://www.konakart.com/downloads/ver-7-3-0-0-whats-new/",
      "@id": "Ver 7.3.0.0 - What\u2019s New?",
      "@source": "Related document"
    },
    {
      "#text": "https://www.ipa.go.jp/en/security/vulnerabilities/cwe.html",
      "@id": "CWE-DesignError",
      "@title": "No Mapping(CWE-DesignError)"
    }
  ],
  "title": "Apache Struts vulnerable to ClassLoader manipulation"
}